Fine-grained access control using XACML in C# applications and the .Net framework

Background: When I talk to customers, I see an increase in interest in XACML for the .Net framework and the C# language. Historically, all XACML implementations have been in Java, most of them stemming from SunXACML. This is the case, for instance, for WSO2’s offering, SICSACML, and of course Axiomatics’ Policy Server. Support for XACML in C#: Axiomatics and other companies have since released .Net PDPs and cover the space fairly well. In addition, it is possible to develop WS clients to SOAP-based PDPs regardless of the technology used. A simple tutorial: The tutorial hereafter focuses on a C# example built using svcutil and the Axiomatics Policy Server’s SOAP-based PDP. With this code, it is therefore possible to invoke the […]

The distance of a second

One of my side hobbies is to browse the web for nice designs and interesting ways to represent information. I really like 2 blogs in particular: the first is Information is Beautiful and the second is Grain Edit (check out their respective web stores for neat stuff). In addition to liking design, I also truly like techy stuff and in particular programming languages or declarative languages (by that I mean Java in the former instance and XML in the latter). SVG is a great standard to draw vector images using XML. I therefore made my first attempt at representing information in a neat way: the distance of a second (the distance an animal / human / vehicle achieves in a fixed amount […]

XACML 102: XPath and XACML

Some definitions: XPath (see the W3C definition): query language for selecting nodes from an XML document. In addition, XPath may be used to compute values (e.g., strings, numbers, or Boolean values) from the content of an XML document (source: Wikipedia). XACML (see the OASIS definition): access control markup language defined to provide a standardized means to express fine-grained access control. XACML includes a reference architecture, a policy language, and a request / response protocol. Uses of XPath in XACML: XPath is used in attribute selectors in XACML. Attribute selectors are defined in the specification in section 5.30. Attribute selectors contain XPath expressions that are run on the XML content that is sent within a XACML request. XPath used in a […]

Axiomatics seeks serious contender – impressions of Gartner Catalyst 2011 (#CAT11) 30,000 ft up.

I had the opportunity to fly with Axiomatics CEO, Babak Sadighi, on our trip back from San Diego to Stockholm. During the 15-hour journey, Babak and I shared our experience and impressions of the conference. Gearing up to Catalyst 2011: The week of the 23rd of July turned out to be a pretty busy one at Axiomatics. As solutions architect, I flew over to San Diego for the much anticipated Catalyst Conference. I was keen on getting the dial tone in the Identity and Access Management space. Catalyst was to be the perfect place to catch up with Gartner analysts as well as colleagues from partner companies. As a vendor of XACML solutions and pioneers of the XACML technology, my […]

The world’s fastest XACML engine

In the last few months, I have been reading statements from a wide variety of vendors / open-source XACML implementations that they have the world’s fastest 100% XACML standards-based engine. This reminds me of heated debates that involved national pride and engineering feats when the French and Japanese were head-to-head in designing the world’s fastest trains. And the Chinese have since then caught up. The Wikipedia article is a trove of trivia when it comes to speed and how records were achieved (or what they actually mean). In the table summary, I can spot quite a few ‘current world record’ labels… If by the time you finish reading the article, your head is not spinning one way or the other, […]