authorization Archives - Harvesting web technologies

The year of authorization: lessons learned from Identiverse 2023

Originally published on IDPro. For the first time ever, Identiverse headed to Vegas for its annual conference. It was a hit, as always, and judging by the agenda, some of the hot topics were passwordless authentication, AI, and last but definitely not least, authorization. My eyes were gleaming! We’re making authorization great again! Much Ado about Authorization I was delighted to see so much activity around authorization, both in the standards track, the vendor track, and the keynotes. On the floor, we had a slew of newer vendor booths tackling the authorization challenge, from Aserto to Indykite. All sources of inspiration. There was no shortage of authorization-related talks either: As You Like It One of the main challenges with ‘authorization’ […]

colorful busts placed in store - Attribute-based access control

Identity and Access Management

Why does attribute-based access control matter?

Attribute-based access control is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes.

XACML Reference Library

What is a XACML target?

Today’s Friday, the weather has been amazingly nice these past few weeks in Stockholm which is all the more surprising since September is on the slope down to darker, wetter, and colder days. The weekend ahead looks promising. I’ll be heading out to fellow colleague, Andreas’ summer house out in the archipelago. But before I walk out the door, I thought I’d share a bit of XACML know-how to chew on over the next couple of days. In the training sessions we regularly give at Axiomatics, attendees often ask what a target is. XACML Target Definition A target is an element of the XACML policy language. It can occur in policy sets, policies, and rules. The target is used to […]

Identity and Access Management

Ready to roll at the Cloud Identity Summit 2013, Napa #CISNapa

It’s already day 2 of the Cloud Identity Summit 2013. Day 1 focused on workshops and so will day 2 along with bootcamps and interops including workshops on Microsoft Identity & the Cloud. Standards will be hailed like never before: OAuth 2.0, OpenID Connect, and SCIM will be represented in a standards-focused workshop while SAML, the star of the conference, will be highlighted in a hands-on demo of PingFederate by John Da Silva.In the afternoon, I will have the privilege of completing the standards quintet as I take on my developer hat to talk about XACML, and the latest efforts around REST and JSON APIs / encoding for XACML 3.0. I will be uploading my slides later for those of […]

XACML Bites

Call out to a XACML Policy Decision Point (PDP) from PHP

Today, I have the pleasure to invite a fellow colleague, Patrick McDowell, to post on my blog. Today’s topic is around reaching out to other languages other than just Java and C# for XACML-based authorization. Today’s choice? PHP, naturellement as both Patrick and I are huge WordPress fans. If you have been programming in PHP it is very likely that you have interacted with an external authentication service. For example Google and Facebook provide external authentication services that people can use to allow other providers to authenticate users for you using standard protocols such as SAML, OAuth, and OpenID. Once a user has been authenticated, we then need to determine what that user is authorized to do inside of an […]