XACML Bites

A neat MS SQL treat: convert from count(*) to a bit (or boolean)

I was busy writing a sample application for a retail company where I wanted to express a XACML authorization policy that would state that a user can sell an item if it hasn’t already been sold. I knew whether the item was sold by simply running a SQL PIP retrieving the count(*) of that item id in the sales contracts. But I wanted to have a boolean attribute in the XACML policy: A user can sell if the item is not sold (i.e. sold==false). So I went looking around for a means to convert count(*) into a MS SQL bit (the boolean datatype). And the answer is: select cast(count(*) as bit) as sold from salecontracts where identifier=’9700E2EA-8545-4F26-91A1-1F5E7953E3A4′

Identity & Access Management

Fine-grained access control using XACML in C# applications and the .Net framework

Background When I talk to customers, I see an increase in interest in XACML for the .Net framework and the C# language. Historically, all XACML implementations have been in Java, most of them stemming from SunXACML. It is the case for instance of WSO2’s offering, SICSACML, and of course Axiomatics’ Policy Server. Support for XACML in C# Axiomatics and other companies have since released .Net PDPs and cover the space fairly well. In addition, it is possible to develop WS clients to SOAP-based PDPs regardless of the technology used. A simple tutorial The tutorial hereafter focuses on a C# example built using svcutil and the Axiomatics Policy Server’s SOAP-based PDP. With this code, it is therefore possible to invoke the […]

Identity & Access Management

The distance of a second

One of my side hobbies is to browse the web for nice designs and interesting ways to represent information. I really like 2 blogs in particular: Information is Beautiful and the second is Grain Edit (check out their respective web stores for neat stuff). In addition to liking design, I also truly like techy stuff and in particular programming languages or declarative languages (by that I mean Java in the former instance and XML in the latter). SVG is a great standard to draw vectorial images using XML. I had therefore had my first attempt at representing information in a neat way: the distance of a second (the distance an animal / human / vehicle achieves in a fixed amount […]

Identity & Access Management

XACML 102: XPath and XACML

Some definitions XPath: (see the W3C definition) query language for selecting nodes from an XML document. In addition, XPath may be used to compute values (e.g., strings, numbers, or Boolean values) from the content of an XML document. (source: wikipedia). XACML: (see the OASIS definition) access control markup language defined to provided a standardized means to express fine-grained access control. XACML includes a reference architecture, a policy language, and a request / response protocol. Uses of XPath in XACML XPath is used in attribute selectors in XACML. Attribute selectors are defined in the specification in section 5.30. Attribute selectors contain XPath expressions that are run on the XML content that is sent within a XACML request. XPath used in a […]

Identity & Access Management

Axiomatics seeks serious contender – impressions of Gartner Catalyst 2011 (#CAT11) 30,000 ft up.

I had the opportunity to fly with Axiomatics CEO, Babak Sadighi, on our trip back from San Diego to Stockholm. During the 15-hour journey, Babak and I shared our experience and impressions of the conference. Gearing up to Catalyst 2011 The week of the 23rd of July turned out to be a pretty busy one at Axiomatics. As solutions architect, I flew over to San Diego for the much anticipated Catalyst Conference. I was keen on getting the dial tone in the Identity and Access Management space. Catalyst was to be the perfect place to catch up with Gartner analysts as well as colleagues from partner companies. As a vendor of XACML solutions and pioneers of the XACML technology, my […]