Here's my top 20 talks on authorization at Identiverse (plus a few bonus ones). The post Identiverse Authorization Talks – Identiverse Agenda appeared first on Harvesting web technologies.| Harvesting web technologies
FYI I love acronyms: acronym soup, acronyms al dente, acronym au jus… Acronyms FTW. So, when I started working on a new article for the IDPro newsletter, it only felt natural to tackle OWASP and IAM. O’ What, you ask? Let’s dive right in. What’s IAM? Most of the readership here is familiar with IAM: Identity & Access Management. I’ll refer back to IDPro’s book of knowledge for definitions. Turn to the terminology section for the following: In short, Identity & Access Management (I...
A short while ago, someone asked why ABAC has been so slow to adopt on https://security.stackexchange.com/. Here’s my take below. Top 5 reasons ABAC has been slow to adopt But ABAC is still worth it… Everyone’s talking about it. Should you do it? I’m biased so I’ll say yes. But don’t take my word for it. Look at NIST’s Guide to Attribute Based Access Control (ABAC) Definition and Considerations, Gartner’s research, as well as Kuppinger Cole and Group 451. So how can you speed ...
Many of you will be familiar with Randall Munroe’s fantastic xkcd cartoon site. He’s even got a strip for what I’m going to talk about… Standards. I’d been a member and editor of the XACML Technical Committee for about a decade until I decided to move on to the world of Consumer Identity (CIAM) before returning a few months ago to my first love. In the time I was away, new standards emerged (Rego, Oso, Cedar, Zanzibar) and so it felt about time I hopped onto the standardization band...
Originally published on IDPro. For the first time ever, Identiverse headed to Vegas for its annual conference. It was a hit, as always, and judging by the agenda, some of the hot topics were passwordless authentication, AI, and last but definitely not least, authorization. My eyes were gleaming! We’re making authorization great again! Much Ado about Authorization I was delighted to see so much activity around authorization, both in the standards track, the vendor track, and the keynotes. On...
This morning, I woke up, got breakfast ready for my three-year-old, sat down at my desk and wondered: “what if Dr. Seuss had written about ABAC?” Don’t ask me why… Maybe because I’d been reading I Am Not Going to Get Up Today! to my kid the night before. Who knows? Oh, and if you’re wondering what ABAC is, it’s attribute-based access control. Fortunately, we live in a day and age where ChatGPT can pretty much fulfill our wildest dreams and so, without further ado, here’s what ...
Attribute-based access control is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. The post Why does attribute-based access control matter? appeared first on Harvesting web technologies.
TL;DR: Policy-based access control (PBAC) and attribute-based access control (ABAC) are exactly the same thing. They enable fine-grained access control or authorization. Lately, customers have been asking me about the difference between externalized authorization, attribute-based access control (ABAC), and policy-based access control (PBAC). These are in fact all different ways of describing roughly the same thing: a better approach to tackling fine-grained authorization challenges in a way t...
In a previous blog post, I mentioned that I was working on a conversion script for a client to migrate XACML 1.1 policies to XACML 3.0. There are several ways this could be achieved. Here are the ways I have thought of: Use XSLT to convert from the XACML 1.1 schema to the XACML 3.0 schema. This is possibly a purist’s way of approaching this. However, support for XSLT has not always been great and it requires a lot of XML, XPath, and XSLT know-how. Use the Java DOM model to parse XACML 1.1 XM...
This post was originally published on Identiverse’s blog following the 2018 edition of their conference. Background A few weeks ago, I had the pleasure to talk at the European Identity Conference on a topic that is close to my heart: authorization. More specifically, I discussed how the evolving IT landscape requires an even finer grained authorization framework to be able to deliver value to consumers as a whole. In a later session, I took part in a panel entitled “How will Authorization...