david-brossard
DESCRIPTION
In this panel hosted by Ian Glazer, my colleague Gerry Gebel introduces the audience to XACML and its latest developments including REST, JSON, and more developer-friendly initiatives.
Citation preview
Is XACML a Classic?
Gerry Gebel
@ggebel
XACML 3.0 is approved
10 vendors
5 end-user orgs
Open source options
Who’s the XACML Technical Committee?
RSA 2013 Interop
When will Catalyst host the next interop?
XACML is a standardized authorization language
XACML enables centralized authorization
XACML implements attribute-based access control
Check out the NIST Special Publication 800-162 on ABAC
XACML is a policy-based access control language
The XACML language & architecture is eXtensible
XACML allows for fine-grained authorization scenarios
Does this XML make me look fat?
<xml/>
XACML JSON Profile
84% smaller
[Chart: character count, XML vs. JSON]
REST Profile of XACML
Three implementations already
JSON
XML
XACML lets you protect in-depth
SPF 5 to 50
Implement Segregation of Duty
Managers can approve a transaction
if and only if they did not initiate it
if and only if user.id != creator id
Easily with XACML rules & attributes
Inherit Multiple Rules
Managers can approve a transaction
if and only if they did not initiate it
And if it’s between 9am and 5pm
And the amount is under the user’s limit
XACML lets you inherit multiple rules and combine them into a single set
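The three conditions on the slides above, modelled as independent rules combined under a simplified deny-overrides algorithm. This is an added Python example, not XACML syntax and not part of the original deck; the attribute names, the exclusive 5pm boundary and the sample request are assumptions.

```python
from datetime import time

PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = "Permit", "Deny", "NotApplicable", "Indeterminate"

def rule(effect, condition):
    """A rule returns its effect when the condition holds, NotApplicable otherwise."""
    def evaluate(attrs):
        try:
            return effect if condition(attrs) else NOT_APPLICABLE
        except KeyError:
            # A needed attribute is absent from the request: no decision can be made.
            return INDETERMINATE
    return evaluate

# Attribute names are hypothetical; the slides only show "user.id != creator id".
APPROVAL_POLICY = [
    rule(PERMIT, lambda a: a["user.role"] == "manager" and a["action"] == "approve"),
    rule(DENY, lambda a: a["user.id"] == a["creator.id"]),      # segregation of duty
    rule(DENY, lambda a: not time(9) <= a["time"] < time(17)),  # 9am to 5pm (end exclusive: assumption)
    rule(DENY, lambda a: a["amount"] >= a["user.limit"]),       # amount under the user's limit
]

def deny_overrides(rules, attrs):
    """Simplified deny-overrides: Deny > Indeterminate > Permit > NotApplicable."""
    results = [r(attrs) for r in rules]
    for decision in (DENY, INDETERMINATE, PERMIT):
        if decision in results:
            return decision
    return NOT_APPLICABLE

def pep_allows(attrs):
    """Deny-biased enforcement point: only an explicit Permit lets the action through."""
    return deny_overrides(APPROVAL_POLICY, attrs) == PERMIT

# Constructed sample request.
SAMPLE = {"user.id": "alice", "user.role": "manager", "user.limit": 10_000,
          "action": "approve", "creator.id": "bob", "amount": 2_500, "time": time(10, 30)}

if __name__ == "__main__":
    print(deny_overrides(APPROVAL_POLICY, SAMPLE))
    print(deny_overrides(APPROVAL_POLICY, {**SAMPLE, "creator.id": "alice"}))
    no_creator = {k: v for k, v in SAMPLE.items() if k != "creator.id"}
    print(deny_overrides(APPROVAL_POLICY, no_creator), pep_allows(no_creator))
```

A request that omits the creator attribute evaluates to Indeterminate rather than Permit, so the deny-biased enforcement point refuses it instead of silently skipping the segregation-of-duty check.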
XACML enables device-aware authorization for BYOD
Kill the comma (the semi-colon too)
Ian Glazer once claimed: “Kill IAM to save it”
XACML helps you build a happy relationship that lasts generations
XACML & OAuth
OAuth 2.0
XACML
XACML & SCIM
XACML & SAML