black and gray laptop computer turned on

How does IAM apply to OWASP?

FYI I love acronyms: acronym soup, acronyms al dente, acronym au jus… Acronyms FTW. So, when I started working on a new article for the IDPro newsletter, it only felt natural to tackle OWASP and IAM. O’ What, you ask? Let’s dive right in. What’s IAM? Most of the readership here is familiar with IAM: Identity & Access Management. I’ll refer back to IDPro’s book of knowledge for definitions. Turn to the terminology section for the following: In short, Identity & Access Management (IAM) manages the identification, authentication, authorization, and access control of users and devices in an organization. It ensures the right people have access to the right resources at the right time, and that their actions are auditable. […]

green leafed plant

Why has the adoption of ABAC been so slow?

A short while ago, someone asked why ABAC has been so slow to adopt on Here’s my take below. Top 5 reasons ABAC has been slow to adapt But ABAC is still worth it… Everyone’s talking about it. Should you do it? I’m biased so I’ll say yes. But don’t take my word for it. Look at NIST’s Guide to Attribute Based Access Control (ABAC) Definition and Considerations, Gartner’s research, as well as Kuppinger Cole and Group 451. So how can you speed up ABAC adoption? Get Authentication Right First There are many reasons why ABAC hasn’t picked up as quickly. This year (2023), at the European Identity Conference and Identiverse, vendors, attendees, and analysts alike all said that […]

white standard LED signage mounted on wall

Announcing AuthZEN – the next iteration in authorization standards

Many of you will be familiar with Randall Munroe’s fantastic xkcd cartoon site. He’s even got a strip for what I’m going to talk about… Standards. I’d been a member and editor of the XACML Technical Committee for about a decade until I decided to move on to the world of Consumer Identity (CIAM) before returning a few months ago to my first love. In the time I was away, new standards emerged (Rego, Oso, Cedar, Zanzibar) and so it felt about time I hopped onto the standardization bandwagon again to promote and streamline authorization. Lo and Behold AuthZEN. My peers Atul Tulshibagwale (SGNL) and Omri Gazitt (Aserto) gave this excellent presentation on the goals of the AuthZEN WG at […]

grapes vineyard vine purple grapes

Ready to roll at the Cloud Identity Summit 2013, Napa #CISNapa

It’s already day 2 of the Cloud Identity Summit 2013. Day 1 focused on workshops and so will day 2 along with bootcamps and interops including workshops on Microsoft Identity & the Cloud. Standards will be hailed like never before: OAuth 2.0, OpenID Connect, and SCIM will be represented in a standards-focused workshop while SAML, the star of the conference, will be highlighted in a hands-on demo of PingFederate by John Da Silva.In the afternoon, I will have the privilege of completing the standards quintet as I take on my developer hat to talk about XACML, and the latest efforts around REST and JSON APIs / encoding for XACML 3.0. I will be uploading my slides later for those of […]