Tag: IAM

grapes vineyard vine purple grapes
Identity and Access Management

Ready to roll at the Cloud Identity Summit 2013, Napa #CISNapa

It’s already day 2 of the Cloud Identity Summit 2013. Day 1 focused on workshops and so will day 2 along with bootcamps and interops including workshops on Microsoft Identity & the Cloud. Standards will be hailed like never before: OAuth 2.0, OpenID Connect, and SCIM will be represented in a standards-focused workshop while SAML, the star of the conference, will be highlighted in a hands-on demo of PingFederate by John Da Silva.In the afternoon, I will have the privilege of completing the standards quintet as I take on my developer hat to talk about XACML, and the latest efforts around REST and JSON APIs / encoding for XACML 3.0. I will be uploading my slides later for those of […]

Identity and Access Management

Access Control (or the lack thereof) in litterature: how not to implement border control…

I have started reading Hemingway’s masterpiece “Fiesta, the sun also rises” during my commute to/from work. Apart from being an interesting insight into post-war Europe, it also gave a brilliant example of access control being overturned… Just then an old man with long, sunburned hair and beard, and clothes that looked as though they were made of gunny- sacking, came striding up to the bridge. He was carrying a long staff, and he had a kid slung on his back, tied by the four legs, the head hanging down. The carabineer waved him back with his sword. The man turned without saying anything, and started back up the white road into Spain. “What’s the matter with the old one?” I […]

Free strawberry ice-cream melting image
XACML Bites

XACML 101 – A quick intro to Attribute-based Access Control with XACML

Acronym XACML: eXtensible Access Control Markup Language. Highlights XACML: What’s ABAC? ABAC stands for attribute-based access control. It is a natural evolution from role-based access control which itself is a natural evolution from access control lists. Access Control History in a Nutshell Once upon a time, there were access control lists. Once a user authenticated, its identity was known and could be used in such lists. Think of clubs and VIP lists. If you appear on a VIP list, the bouncer (enforcer) will let you in. It doesn’t matter what your role in life is… Then someone realized that the right to do something (authorizations, entitlements…) should rather be linked to a role. Bus drivers can drive public transport buses. […]