Ready to roll at the Cloud Identity Summit 2013, Napa #CISNapa

It’s already day 2 of the Cloud Identity Summit. Day 1 focused on workshops, and so will day 2, along with bootcamps and interops, including workshops on Microsoft Identity & the Cloud. Standards will be hailed like never before: OAuth 2.0, OpenID Connect, and SCIM will be represented in a standards-focused workshop while SAML, the star of the conference, will be highlighted in a hands-on demo of PingFederate by John Da Silva. In the afternoon, I will have the privilege of completing the standards quintet as I put on my developer hat to talk about XACML, and the latest efforts around REST and JSON APIs / encoding for XACML 3.0. I will be uploading my slides later for those of […]

Access Control (or the lack thereof) in literature: how not to implement border control…

I have started reading Hemingway’s masterpiece “Fiesta, the sun also rises” during my commute to/from work. Apart from being an interesting insight into post-war Europe, it also gave a brilliant example of access control being overturned…

Just then an old man with long, sunburned hair and beard, and clothes that looked as though they were made of gunny-sacking, came striding up to the bridge. He was carrying a long staff, and he had a kid slung on his back, tied by the four legs, the head hanging down. The carabineer waved him back with his sword. The man turned without saying anything, and started back up the white road into Spain. “What’s the matter with the old one?” I […]

XACML 101 – a quick intro to Attribute-based Access Control with XACML

Acronym

XACML: eXtensible Access Control Markup Language.

Highlights

XACML:

- is XML: you can actually read and write XACML with your favorite text editor (not that I would recommend writing XACML that way).
- is human-readable and verbose enough for users to get an understanding of what it’s doing
- belongs to the OASIS family of standards. You can download the latest standard material here.
- is eXtensible: you can add profiles to cater for specific scenarios e.g. a profile for hierarchical resources, for role-based access control, for export control…
- is about access control: authorizing who can do what when and how
- implements ABAC, attribute-based access control

What’s ABAC?

ABAC stands for attribute-based access control. It is a natural evolution from role-based access control […]