When OpenID meets XACML: externalize authentication and authorization from your business apps

Background: About a year ago, a few months into my new job at Axiomatics, I pulled together a web-based app using J2EE (JSF, servlets, POJOs) and Icefaces (AJAXfied JSF) to illustrate fine-grained access control for web applications and portals. To secure the application, I used Tomcat’s authentication mechanism (its implementation of the HTTP FORM-based authentication protocol) and Axiomatics’s off-the-shelf Authorization filter for servlets. What I then got – at zero development effort – was a sturdy, secure, finely-grained controlled web app where users could access certain pages and/or parts of pages based on the set of attributes a given user had, potentially combined with attributes of the targeted resource (the page, the portlet, the individual GUI element of the page…), […]

DSML: new XACML transport binding for e-healthcare projects

Readers of this blog and avid followers of the XACML TC will of course remember that the XACML standard does not provide any particular transport binding for its request/response protocol, making XACML a particularly loosely coupled and versatile standard. To date, the XACML TC has defined one profile, the SAML 2.0 Profile of XACML, which does offer the means to transport XACML requests and responses inside a signed SAML assertion. But it is possibly not enough for all deployments, and there has been a lot of buzz around a REST-based transport binding. A few years ago, Axiomatics was chosen to implement XACML-based fine-grained authorization for patient data in the National Patient Record service in Sweden. The idea is […]

XACML 102 – Pimp my XACML – Part III: XSLT, Ajax, and stats

In a previous installment of ‘Pimp My XACML’, we illustrated how a bit of XSLT magic could actually change the structure of a XACML policy to convert it into another document such as an HTML page, be it XML-compliant or not. What about XML visualization with Ajax? Today, we will push the tricks further and add a bit of AJAX magic as well as some basic statistics regarding our policy. For those of you who missed the previous episode, check it out here. It describes how to run the samples using ant and xalan. Adding some stats to the XSLT: This is the easy bit. All we need to do is count the number of items that match a certain […]

Axiomatics is recruiting a Java developer

Axiomatics (http://www.axiomatics.com/) is an exciting product company in the IT security space. It specializes in access control based on the XACML standard. As a Java programmer, you will have a leading role in developing new products and affect the technology choices in the company. Flexibility, commitment, and the will to take on various tasks are important qualities since we are a customer-focused company with large clients around the globe, in particular in the US and Europe. Axiomatics AB has its headquarters & development center in Stockholm. It also has an American branch that focuses on sales and marketing.

XACML 102 – Pimp my XACML – Part II: with XSLT

In my previous post on making XACML look pretty, we had a look at a very simple and easy way to add some colors / borders / general style to the XML via CSS. The CSS was interpreted by your browser and the result displayed there. CSS is simple and straightforward but it is also limited (not to mention it is probably not the most adequate tool for our purpose). The next level up is to use XSLT (part of the W3C XSL group of standards). At our level, in a very reductive and simple way, the key difference between CSS and XSLT is that CSS doesn’t touch the XML source. It merely adds style. XSLT, on the other hand, […]