arrows pierced on a target
XACML Reference Library

What is a XACML target?

Today’s Friday, the weather has been amazingly nice these past few weeks in Stockholm which is all the more surprising since September is on the slope down to darker, wetter, and colder days. The weekend ahead looks promising. I’ll be heading out to fellow colleague, Andreas’ summer house out in the archipelago. But before I walk out the door, I thought I’d share a bit of XACML know-how to chew on over the next couple of days. In the training sessions we regularly give at Axiomatics, attendees often ask what a target is. XACML Target Definition A target is an element of the XACML policy language. It can occur in policy sets, policies, and rules. The target is used to […]

blue retractable pen
Identity and Access Management

XACML for Developers – Updates, New Tools, & Patterns for the Eager #IAM Developer

XACML is the standard for attribute-based & policy-based access control and fine-grained authorization. At the Cloud Identity Summit 2013, CIS Napa, last week, I had the privilege to be part of one of the sessions Hans Zandbelt was leading on advanced identity concepts. I chose to dive deeper into XACML and to provide updates for the developer community.My slides are available from slideshare and below. Learn how developers can benefit from XACML.

grapes vineyard vine purple grapes
Identity and Access Management

Ready to roll at the Cloud Identity Summit 2013, Napa #CISNapa

It’s already day 2 of the Cloud Identity Summit 2013. Day 1 focused on workshops and so will day 2 along with bootcamps and interops including workshops on Microsoft Identity & the Cloud. Standards will be hailed like never before: OAuth 2.0, OpenID Connect, and SCIM will be represented in a standards-focused workshop while SAML, the star of the conference, will be highlighted in a hands-on demo of PingFederate by John Da Silva.In the afternoon, I will have the privilege of completing the standards quintet as I take on my developer hat to talk about XACML, and the latest efforts around REST and JSON APIs / encoding for XACML 3.0. I will be uploading my slides later for those of […]

Policy Enforcement Points

How to send a XACML request using Perl

In a previous post, I mention how I used cURL to send a XACML request to an Axiomatics XACML Policy Decision Point (PDP). My goal, however, wasn’t to use cURL but rather whip up a sample in Perl. Perl is perhaps my third love in terms of programming languages. As a kid, I learned programming with Pascal. Later, as a teen, I went across to web programming and PHP. In my first uni. student placement I was tasked with writing Perl code which opened up a whole new world of scripting. These days, most of what I do revolves around XACML, the eXtensible Access Control Markup Language. XACML defines an architecture to apply fine-grained, externalized authorization to any type of […]

XACML Bites

How to send a XACML request using cURL – the world’s smallest Policy Enforcement Point

Recently, I’ve been asked to write a policy enforcement point (PEP) in Perl. I haven’t touched Perl in a long while but I remember having had fun using it to parse documents on a file system back in 2003 when working at the Natural Languages Lab at BT Adastral Park. I started looking around at different resources. The obvious ones are: http://www.perl.org/: the home of all Perl resources. ActiveState Perl: possibly the de facto Perl distribution Perlmonks: a great Perl forum where I used to hang out, and Perl for Eclipse: EPIC, the Perl Editor and IDE for Eclipse – pretty much all I do these days is in and around Eclipse (from SQL and LDAP to ALFA, the Axiomatics […]