Webinar: Preparing your applications for externalized authorization
Twitter: @axiomatics, @srijith, #XACML

Agenda
- Axiomatics in brief
- Common authorization patterns: background
- Externalizing authorization
- XACML
- APS Developer Edition: introduction and demo
- Questions and answers session

Axiomatics in brief
- Focus area: externalized authorization; the XACML standard
- Company background: R&D since 2000; Axiomatics founded in 2006
- OASIS XACML Technical Committee: member since 2005; editorial responsibilities
- Products implementing XACML 2.0 and 3.0; the largest deployments world-wide

APS Developer Edition
- Non-production use
- Aimed at reducing the lead time to use XACML
- Enables developers to easily use XACML in their apps
- Interested? Contact sales@axiomatics.com
- More editions to follow: stay tuned
Presenter: Srijith Nair, Axiomatics Developer Relations

Today’s webinar – drivers
© 2013, Axiomatics AB
Preparing your applications for externalized authorization
Srijith Nair
June 13, 2013

In the olden days, authorization was about: Who?

Authorization should really be about: Who? What? When? Where? How? Why?

Authorization Approaches
- Access Control List (ACL): resource centric; permissions are attached to objects; specifies which subject has access
- Role-Based Access Control (RBAC): user centric; widely adopted; well understood; an industry standard exists around it; simple. But….
[Diagram: User -> Role(s) -> Permission(s); Role 1 and Role 2 each map to a set of permissions (P)]

Problem with RBAC?
- Static, predefined, inflexible
- Does not extend beyond the user
- Doesn’t scale: role explosion
- Difficult to define fine-grained access control rules
How would one implement the rule: "Doctors should be able to view the records of patients assigned to their unit and edit the records of those patients with whom they have a care relationship"?
Where’s the role? Doctor. What’s a patient? A record? A care relationship?

Pull out the highlighter
What if we were not limited to roles?
"Doctors should be able to view the records of patients assigned to their unit and edit the records of those patients with whom they have a care relationship"
It is all about Attributes, Attributes, Attributes!

Attribute-based access control
- Attributes are sets of labels or properties
- They describe all aspects of entities that must be considered for authorization purposes
- Attribute-Based Access Control (ABAC) uses attributes as building blocks in a structured language that is used to define access control rules and to describe access requests

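The doctor rule from the previous slides, evaluated once with a role-to-permission table and once over attributes, as an added example that is not part of the webinar deck or of Axiomatics' software. The subject, record and role tables are constructed for the demo; the attribute names (unit, care relationships) are assumptions chosen to mirror the rule's wording.

```python
"""Added example (not from the deck): RBAC vs ABAC on the doctor rule."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set


@dataclass(frozen=True)
class Subject:
    user_id: str
    roles: FrozenSet[str]               # the only signal RBAC looks at
    unit: str                           # extra attributes ABAC can use
    care_relationships: FrozenSet[str]  # ids of patients this clinician treats


@dataclass(frozen=True)
class PatientRecord:
    patient_id: str
    unit: str                           # unit the patient is assigned to


# RBAC: one static role -> permission table. It cannot express "records of
# patients in *your* unit": a doctor gets the same permissions on every record.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "doctor": {"view", "edit"},
    "nurse": {"view"},
}


def rbac_decision(subject: Subject, action: str) -> str:
    permitted: Set[str] = set()
    for role in subject.roles:
        permitted |= ROLE_PERMISSIONS.get(role, set())
    return "Permit" if action in permitted else "Deny"


def abac_decision(subject: Subject, action: str, record: PatientRecord) -> str:
    """The slide's rule: doctors may view the records of patients assigned to
    their unit and edit the records of patients they have a care relationship with."""
    if "doctor" not in subject.roles:
        return "NotApplicable"          # the rule says nothing about other subjects
    if action == "view" and record.unit == subject.unit:
        return "Permit"
    if action == "edit" and record.patient_id in subject.care_relationships:
        return "Permit"
    return "Deny"


def compare(subject: Subject, action: str, record: PatientRecord) -> Dict[str, str]:
    """Side-by-side decision for one access request."""
    return {"rbac": rbac_decision(subject, action),
            "abac": abac_decision(subject, action, record)}


# Constructed sample data: one cardiologist, one record in her unit, one elsewhere.
ALICE = Subject("alice", frozenset({"doctor"}), "cardiology", frozenset({"patient-1"}))
RECORD_IN_UNIT = PatientRecord("patient-1", "cardiology")
RECORD_OTHER_UNIT = PatientRecord("patient-2", "oncology")

if __name__ == "__main__":
    for rec in (RECORD_IN_UNIT, RECORD_OTHER_UNIT):
        for action in ("view", "edit"):
            print(rec.patient_id, action, compare(ALICE, action, rec))
```

The RBAC column says Permit for every record a doctor touches; only the ABAC column changes with the record's unit and the care relationship, which is the "role explosion" the slides describe: to get the same answers out of RBAC you would need one role per unit and per patient.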
ABAC vs. RBAC
Role-Based Access Control          | Attribute-Based Access Control
User -> Role -> Permissions        | User + Action + Resource + Context -> Attributes -> Policies
Static & pre-defined               | Dynamic & adaptive
[Diagram: Role 1 and Role 2 each mapped to a set of permissions (P)]

Declarative vs. Programmatic AuthZ
Declarative:
- Security roles and constraints are added to the deployment descriptor of the application (e.g. in J2EE, web constraints go into web.xml, EJB constraints into ejb-jar.xml)
- Configured during the assembly stage, enforced by the security runtime
- Usually relies on roles
Programmatic:
- Enforcement of AuthZ is written in the code
- Gives app developers more control
- The JACC interface can be used to make calls to external AuthZ providers

Future-Proofing Authorization
[Diagram: Externalized AuthZ, characterised as: external from applications; a standards-compliant authorization service; fine-grained; context-aware; attribute-based access control]

Externalizing Authorization

Need for Externalizing AuthZ
- Consider distributed or multi-tiered apps
- Consider SOA and Cloud services
- AuthZ needs to be done at several tiers and places
- Move similar, often-used AuthZ code into its own layer
- Some progress, but: different programming patterns; frameworks provide only coarse-grained AuthZ; fine-grained AuthZ is still in code

A multitude of Authorization Frameworks
- CanCan
- Microsoft Claims
- SalesForce PermissionSet
- Spring Security
- Rails AuthZ
- Python Fedora
- Flask-Auth
- Slim for PHP

What’s with native authorization frameworks?
Cons:
- They are specific to their language
- They are not standards-based
- Their capabilities are at times limited
- They require subject matter expertise
- They are expensive
Pros:
- It’s the right step towards fine-grained authorization
- It’s the right step towards externalizing authorization

Enter XACML

What is XACML?
- eXtensible Access Control Markup Language
- Prominent ABAC system
- OASIS standard: v3.0 approved in January 2013; v1.0 approved in 2003 (10 years ago!)
- XACML is expressed as a specification document
- Provides profiles for developers: JSON, REST
- http://www.oasis-open.org/committees/xacml/

What does XACML contain?
- Reference Architecture
- Policy Language
- Request / Response Protocol

The XACML Architecture
- Manage: Policy Administration Point (PAP)
- Decide: Policy Decision Point (PDP)
- Support: Policy Information Point (PIP), Policy Retrieval Point (PRP)
- Enforce: Policy Enforcement Point (PEP)

XACML Architecture Flow
[Diagram: a user tries to access Document #123; the PEP stops the access and asks the PDP "Can Alice access Document #123?"; the PDP loads the XACML policies (managed by the PAP, retrieved via the PRP), retrieves the user's role and clearance and the document's classification (via the PIP), and answers "Yes, Permit"; the PEP then lets the access to Document #123 through]

What does XACML contain? (section divider)
- Reference Architecture
- Policy Language
- Request / Response Protocol

Language Elements of XACML
- 3 structural elements: PolicySet, Policy, Rule
- Root: either a PolicySet or a Policy
- PolicySets contain any number of PolicySets and Policies
- Policies contain Rules
- Rules carry an Effect: Permit / Deny
- Combining Algorithms for Rules and for Policies

Sample XACML Policy
[Diagram of the policy tree:]
Root PolicySet
  PolicySet
    Policy
      Rule (Effect=Permit)
      Rule (Effect=Deny)
  PolicySet
    Policy
      Rule (Effect=Permit)

Language Structure: Russian dolls
- PolicySet, Policy and Rule can each contain: Targets, Obligations, Advice
- Rules can additionally contain Conditions
[Diagram: a PolicySet nested around a Policy nested around a Rule (Effect=Permit); each of the three levels has a Target and an Obligation, and the Rule also has a Condition]

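A toy evaluator for the structure the last three slides describe (PolicySet > Policy > Rule, each with a Target and Obligations, Rules with a Condition, and a combining algorithm at every container), exercised on the "Can Alice access Document #123?" scenario from the architecture flow slide. This is an added example, not Axiomatics code and not the XACML XML language itself: the policy, the attribute names (subject:clearance, resource:classification, resource:owner) and the obligation ids are constructed, and the combining algorithms are simplified versions of the standard ones (the real deny-overrides distinguishes several Indeterminate sub-types).

```python
"""Added example (not from the deck): a miniature XACML-style policy tree."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = "Permit", "Deny", "NotApplicable", "Indeterminate"
Request = Dict[str, object]                 # flat attribute-id -> value map
Predicate = Callable[[Request], bool]
Result = Tuple[str, List[str]]              # (decision, obligation ids to fulfil)


def _applies(pred: Optional[Predicate], req: Request) -> Optional[str]:
    """Evaluate a Target or Condition. None means 'applies'; otherwise an early decision."""
    try:
        return None if pred is None or pred(req) else NOT_APPLICABLE
    except KeyError:                        # a referenced attribute is missing
        return INDETERMINATE


@dataclass
class Rule:
    effect: str                             # PERMIT or DENY
    target: Optional[Predicate] = None
    condition: Optional[Predicate] = None   # only Rules carry a Condition
    obligations: List[str] = field(default_factory=list)

    def evaluate(self, req: Request) -> Result:
        for pred in (self.target, self.condition):
            early = _applies(pred, req)
            if early is not None:
                return early, []
        return self.effect, list(self.obligations)


@dataclass
class PolicyNode:
    """A Policy (children are Rules) or a PolicySet (children are PolicyNodes)."""
    combine: Callable[[List[str]], str]
    children: list
    target: Optional[Predicate] = None
    obligations: List[str] = field(default_factory=list)

    def evaluate(self, req: Request) -> Result:
        early = _applies(self.target, req)
        if early is not None:
            return early, []
        results = [child.evaluate(req) for child in self.children]
        decision = self.combine([d for d, _ in results])
        # Obligations propagate only from the children that produced the final decision.
        obligations = [o for d, obs in results if d == decision for o in obs]
        if decision in (PERMIT, DENY):
            obligations += self.obligations
        return decision, obligations


# Simplified combining algorithms (the standard ones also rank Indeterminate sub-types).
def deny_overrides(decisions: List[str]) -> str:
    for d in (DENY, INDETERMINATE, PERMIT):
        if d in decisions:
            return d
    return NOT_APPLICABLE


def permit_overrides(decisions: List[str]) -> str:
    for d in (PERMIT, INDETERMINATE, DENY):
        if d in decisions:
            return d
    return NOT_APPLICABLE


def first_applicable(decisions: List[str]) -> str:
    return next((d for d in decisions if d != NOT_APPLICABLE), NOT_APPLICABLE)


# Constructed clearance/classification lattice for the Alice / Document #123 scenario.
LEVEL = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def cleared(req: Request) -> bool:          # raises KeyError if either attribute is absent
    return LEVEL[req["subject:clearance"]] >= LEVEL[req["resource:classification"]]


DOCUMENT_POLICY = PolicyNode(               # root PolicySet: applies to documents only
    combine=deny_overrides,
    target=lambda r: r["resource:type"] == "document",
    children=[
        PolicyNode(                         # Policy 1: clearance check for viewing
            combine=first_applicable,
            children=[
                Rule(DENY, condition=lambda r: not cleared(r), obligations=["log-denied-access"]),
                Rule(PERMIT, target=lambda r: r["action:id"] == "view", obligations=["log-access"]),
            ],
        ),
        PolicyNode(                         # Policy 2: only the owner may edit
            combine=permit_overrides,
            target=lambda r: r["action:id"] == "edit",
            children=[
                Rule(PERMIT, condition=lambda r: r["subject:id"] == r["resource:owner"]),
                Rule(DENY),
            ],
        ),
    ],
)


def decide(req: Request) -> Result:
    """What a PDP would return to the PEP for one request."""
    return DOCUMENT_POLICY.evaluate(req)
```

Two things worth trying on this model: remove subject:clearance from a request and the decision becomes Indeterminate rather than Deny (the PEP's bias, covered later in the deck, decides what happens then), and swap the root's deny_overrides for permit_overrides to see how a single combining algorithm changes which rule wins.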
What does XACML contain? (section divider)
- Reference Architecture
- Policy Language
- Request / Response Protocol

Request and Response
- It’s all about attributes! (ABAC)
- Represented in XML: XACML Policies, XACML Request, XACML Response
[Diagram: a Request carries Subject, Action, Resource and Environment attributes to the PDP, which returns a Response]

XACML and PEP
[Diagram: the PEP handles each message in four steps, Stop (S), Analyze (A), Forward (F) and Enforce (E), exchanging a Req/Resp pair with the PDP between Forward and Enforce]

Stop the message: the form factor (S)
- What are you protecting? What architecture? What framework?
- J2EE? Web app server -> Servlet filter; Web services -> JAX-WS
- Enterprise Service Bus? Apache ServiceMix -> Interceptors
- IIS? -> ISAPI filter
- XML gateway? -> Custom vendor assertion

Analyze the message: extract attributes (A)
- Map from ‘native attributes’ to XACML attributes
- Two types of attributes:
  - Attributes in the message: message headers (SOAPAction, HTTP method, Target URI…); message payload (transaction amount)
  - Attributes in the environment / framework: time of the day

Extract Attributes - Example
The PEP reads the native attributes via the HttpServletRequest object:

POST /login.jsp HTTP/1.1
Host: www.mysite.com
User-Agent: Mozilla/4.0
Content-Length: 27
Content-Type: application/x-www-form-urlencoded

userid=joe

and maps them to a XACML request (action-id = POST, resource-id = login.jsp, subject-id = joe):

<?xml version="1.0" encoding="UTF-8"?>
<xacml-ctx:Request ReturnPolicyIdList="true" CombinedDecision="false"
    xmlns:xacml-ctx="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">POST</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">login.jsp</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">joe</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
</xacml-ctx:Request>

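The Analyze step of the slide above, written out as an added example that is not Axiomatics code: it parses the raw HTTP request from the slide (reconstructed here as a string, body trimmed to the one field shown) and emits a XACML 3.0 request with the same category and attribute identifiers as the slide's XML. The choice to take the subject from the userid form field, and to drop the leading slash from the path so the resource-id reads login.jsp as on the slide, are assumptions for the demo.

```python
"""Added example (not from the deck): HTTP request -> XACML 3.0 <Request>."""
import xml.etree.ElementTree as ET
from typing import Dict
from urllib.parse import parse_qs

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
CAT_ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
CAT_RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
CAT_ENVIRONMENT = "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
CAT_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ID_ACTION = "urn:oasis:names:tc:xacml:1.0:action:action-id"
ID_RESOURCE = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ID_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"

ET.register_namespace("xacml-ctx", XACML_NS)   # same prefix as the slide's sample

# Constructed to match the request on the slide (body shortened to one field).
RAW_HTTP = (
    "POST /login.jsp HTTP/1.1\r\n"
    "Host: www.mysite.com\r\n"
    "User-Agent: Mozilla/4.0\r\n"
    "Content-Length: 10\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "userid=joe"
)


def parse_http(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into method, path, headers and form fields."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    form = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = {k: v[0] for k, v in parse_qs(body).items()}
    return {"method": method, "path": path, "headers": headers, "form": form}


def _q(tag: str) -> str:
    """Qualify a tag with the XACML namespace."""
    return f"{{{XACML_NS}}}{tag}"


def build_xacml_request(action: str, resource: str, subject: str) -> ET.Element:
    """Assemble the four attribute categories the slide's sample uses."""
    req = ET.Element(_q("Request"), ReturnPolicyIdList="true", CombinedDecision="false")

    def add(category, attribute_id=None, value=None):
        attrs = ET.SubElement(req, _q("Attributes"), Category=category)
        if attribute_id is not None:
            attr = ET.SubElement(attrs, _q("Attribute"), AttributeId=attribute_id, IncludeInResult="true")
            ET.SubElement(attr, _q("AttributeValue"), DataType=XS_STRING).text = value

    add(CAT_ACTION, ID_ACTION, action)
    add(CAT_RESOURCE, ID_RESOURCE, resource)
    add(CAT_ENVIRONMENT)                        # left empty, as on the slide
    add(CAT_SUBJECT, ID_SUBJECT, subject)
    return req


def http_to_xacml(raw: str) -> str:
    """The Analyze step: native HTTP attributes -> serialized XACML request."""
    parsed = parse_http(raw)
    subject = parsed["form"].get("userid")     # assumption: subject comes from the form field
    if subject is None:
        raise ValueError("request carries no subject identifier")
    resource = parsed["path"].lstrip("/")      # slide uses 'login.jsp', not '/login.jsp'
    return ET.tostring(build_xacml_request(parsed["method"], resource, subject), encoding="unicode")


def attribute_values(xml_text: str) -> Dict[str, str]:
    """Read back AttributeId -> value, e.g. to check the request before forwarding it."""
    root = ET.fromstring(xml_text)
    return {a.get("AttributeId"): a.findtext(_q("AttributeValue")) for a in root.iter(_q("Attribute"))}


if __name__ == "__main__":
    print(http_to_xacml(RAW_HTTP))
```

A request without a subject is refused before anything is sent to the PDP: forwarding a request with an empty access-subject category would make the PDP decide on the attributes the PEP happened to have, which is rarely what the policy author intended.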
Forward the access control request to the PDP (F)
- How is the PDP exposed? In-process? RMI? JSON? SOAP? …
- Create a XACML request and insert it inside the right “transporter”:
  - Java XACML request passed to the API method
  - Java XACML request serialized using RMI
  - JSON payload sent as an HTTP(S) request
  - XML XACML request inside a SOAP message sent as an HTTP request
  - …

Enforce: receive the PDP decision and act (E)
- Permit / Deny / Not Applicable / Indeterminate
- Check the bias
- Apply obligations & advice: log access in the central log repository; send a notification email; filter out some data from the response

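The Enforce step from the slide above, as an added example that is not Axiomatics code: it parses a XACML 3.0 response, applies the PEP's bias, and fulfils the three kinds of obligation the slide lists (log, notify, filter fields out of the response). The response documents and the obligation identifiers under urn:example are constructed for the demo; a real PAP would define its own.

```python
"""Added example (not from the deck): XACML <Response> -> PEP enforcement."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Optional

NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"

# Constructed obligation ids for the three actions the slide names.
OBLIGATION_LOG = "urn:example:obligation:log-access"
OBLIGATION_NOTIFY = "urn:example:obligation:notify"
OBLIGATION_FILTER = "urn:example:obligation:filter-fields"


@dataclass
class Decision:
    decision: str                                   # Permit / Deny / NotApplicable / Indeterminate
    obligations: Dict[str, Dict[str, str]] = field(default_factory=dict)


def parse_response(xml_text: str) -> Decision:
    """Pull the Decision and the Obligations (with their AttributeAssignments) out of a Result."""
    result = ET.fromstring(xml_text).find("x:Result", NS)
    decision = result.findtext("x:Decision", namespaces=NS)
    obligations = {}
    for ob in result.findall("x:Obligations/x:Obligation", NS):
        obligations[ob.get("ObligationId")] = {
            a.get("AttributeId"): (a.text or "") for a in ob.findall("x:AttributeAssignment", NS)
        }
    return Decision(decision, obligations)


def enforce(resp: Decision, payload: dict, deny_biased: bool = True,
            audit: Optional[List[str]] = None) -> Optional[dict]:
    """Return the (possibly filtered) payload when access is granted, else None.

    A deny-biased PEP grants only on an explicit Permit, so NotApplicable and
    Indeterminate are treated as Deny; a permit-biased PEP refuses only on an
    explicit Deny. An obligation the PEP does not understand must not be ignored:
    the spec requires the PEP to refuse access in that case.
    """
    audit = [] if audit is None else audit
    payload = dict(payload)
    granted = resp.decision == "Permit" if deny_biased else resp.decision != "Deny"
    for ob_id, args in resp.obligations.items():
        if ob_id == OBLIGATION_LOG:
            audit.append(f"access {'granted' if granted else 'denied'} for {args.get('subject', '?')}")
        elif ob_id == OBLIGATION_NOTIFY:
            audit.append(f"notify {args.get('to', '?')}")
        elif ob_id == OBLIGATION_FILTER:
            for name in args.get("fields", "").split(","):
                payload.pop(name.strip(), None)
        else:
            return None                         # cannot discharge the obligation
    return payload if granted else None


# Constructed responses (no XML declaration, so they parse straight from a str).
PERMIT_WITH_OBLIGATIONS = f"""
<Response xmlns="{NS['x']}">
  <Result>
    <Decision>Permit</Decision>
    <Status><StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/></Status>
    <Obligations>
      <Obligation ObligationId="{OBLIGATION_LOG}">
        <AttributeAssignment AttributeId="subject" DataType="{XS_STRING}">joe</AttributeAssignment>
      </Obligation>
      <Obligation ObligationId="{OBLIGATION_FILTER}">
        <AttributeAssignment AttributeId="fields" DataType="{XS_STRING}">ssn,salary</AttributeAssignment>
      </Obligation>
    </Obligations>
  </Result>
</Response>"""

INDETERMINATE_RESPONSE = f"""
<Response xmlns="{NS['x']}">
  <Result>
    <Decision>Indeterminate</Decision>
    <Status><StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:processing-error"/></Status>
  </Result>
</Response>"""

if __name__ == "__main__":
    log: List[str] = []
    print(enforce(parse_response(PERMIT_WITH_OBLIGATIONS), {"name": "Joe", "ssn": "x", "salary": 1}, audit=log), log)
    print(enforce(parse_response(INDETERMINATE_RESPONSE), {"name": "Joe"}))
```

The bias flag is the security-relevant setting here: with deny_biased=True a PDP outage or a missing attribute (Indeterminate) fails closed, with deny_biased=False it fails open, so the choice belongs in the threat model rather than in a default.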
APS Developer Edition

What is APS Developer Edition?
“(…) is an aggregate product that aims to simplify the process of working with Axiomatics products. It is primarily intended for developers and is designed to enable a quick and easy setup of the APS environment. The Developer Edition contains the standard releases of APS and other Axiomatics software of relevance to developers in a complete, self-contained and easy-to-install package.”
- For non-production use only

What it contains
- APS components: ASM, PDP, PAP
- PEP SDK for Java and ALFA packages
- Sample demo application and XACML policy
- Sample Eclipse projects for: JSP demo application; JSP PEP; Java PEP; ALFA; PAP workspace
- Single Tomcat for ASM, PDP and the demo application
- Simplified initialization and management scripts

What it does not contain
APS Developer Edition does not include:
- Eclipse distribution
- Java distribution
- APS Developer Resources
- Anything else not mentioned on the previous slide

Quick Start Guide

Demo

Questions?
Contact us at info@axiomatics.com
Automating nist 800 171 compliance in AWS Govcloud (US)
 

Último

Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Último (20)

Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

Transcript: Axiomatics webinar, 13 June 2013 (shared deck)

• 1. Webinar: Preparing your applications for externalized authorization

• 3. Agenda
    - Axiomatics in brief
    - Common authorization patterns – background
    - Externalizing authorization
    - XACML
    - APS Developer Edition – introduction and demo
    - Questions and answer session

• 4. Axiomatics in brief
    - Focus area: externalized authorization; the XACML standard
    - Company background: R&D since 2000; Axiomatics founded in 2006
    - OASIS XACML Technical Committee: member since 2005, with editorial responsibilities
    - Products implementing XACML 2.0 and 3.0; the largest deployments world-wide

• 5. Today's webinar – drivers
    - Srijith Nair – Axiomatics Developer Relations
    - APS Developer Edition: for non-production use; aimed at reducing the lead time to use XACML; enables developers to easily use XACML in their apps
    - Interested? Contact sales@axiomatics.com
    - More editions to follow – stay tuned

• 6. Preparing your applications for externalized authorization – Srijith Nair, June 13, 2013 (© 2013, Axiomatics AB)

• 7. In the olden days, authorization was about: Who?

• 8. Authorization should really be about… Who? What? Where? When? How? Why?

• 9. Authorization approaches
    - Access Control List (ACL): resource centric; permissions are attached to objects; specifies which subject has access
    - Role-Based Access Control (RBAC): user centric; widely adopted; well understood; there is an industry standard around it; simple. But…
    [diagram: User → Role(s) → Permission(s), two roles each mapping to a set of permissions]

• 10. Problem with RBAC?
    - Static, predefined, inflexible
    - Does not extend beyond the user
    - Doesn't scale: role explosion
    - Difficult to define fine-grained access control rules
    - How would one implement the rule: "Doctors should be able to view the records of patients assigned to their unit and edit the records of those patients with whom they have a care relationship"?
    - Where's the role? Doctor. But what's a patient? A record? A care relationship?

• 11. Pull out the highlighter
    - What if we were not limited to roles?
    - Doctors should be able to view the records of patients assigned to their unit and edit the records of those patients with whom they have a care relationship
    - It is all about attributes, attributes, attributes!

• 12. Attribute-based access control
    - Attributes are sets of labels or properties
    - They describe all aspects of entities that must be considered for authorization purposes
    - Attribute-Based Access Control (ABAC) uses attributes as building blocks in a structured language used to define access control rules and to describe access requests

• 13. ABAC vs. RBAC
    - RBAC: User → Role → Permissions; static and pre-defined
    - ABAC: User + Action + Resource + Context attributes, evaluated against policies; dynamic and adaptive

• 14. Declarative vs. programmatic AuthZ
    - Declarative: security roles and constraints are added to the deployment descriptor of the application (e.g. in J2EE, web constraints go into web.xml and EJB constraints into ejb-jar.xml); configured during the assembly stage and enforced by the security runtime; usually relies on roles
    - Programmatic: enforcement of AuthZ is written in the code; gives app developers more control; the JACC interface can be used to make calls to external AuthZ providers

• 15. Externalized AuthZ
    - Future-proofing authorization
    - External from applications
    - Standards-compliant authorization service
    - Fine-grained, context-aware, attribute-based access control

• 16. Externalizing authorization

• 17. Need for externalizing AuthZ
    - Consider distributed or multi-tiered apps; consider SOA and cloud services
    - AuthZ needs to be done at several tiers and in several places
    - Move similar, often-used AuthZ code into its own layer
    - Some progress, but: different programming patterns; frameworks provide only coarse-grained AuthZ; fine-grained AuthZ is still in the code

• 18. A multitude of authorization frameworks
    - CanCan, Microsoft Claims, SalesForce PermissionSet, Spring Security, Rails AuthZ, Python Fedora, Flask-Auth, Slim for PHP

• 19. What's with native authorization frameworks?
    - Cons: they are specific to their language; they are not standards-based; their capabilities are at times limited; they require subject matter expertise; they are expensive
    - Pros: the right step towards fine-grained authorization; the right step towards externalizing authorization

• 20. Enter XACML

• 21. What is XACML?
    - eXtensible Access Control Markup Language
    - The prominent ABAC system
    - OASIS standard: v3.0 approved in January 2013; v1.0 approved in 2003 (10 years ago!)
    - XACML is expressed as a specification document
    - Provides profiles for developers: JSON, REST
    - http://www.oasis-open.org/committees/xacml/

• 22. What does XACML contain?
    - XACML reference architecture
    - Policy language
    - Request/response protocol

• 23. The XACML architecture
    - Manage: Policy Administration Point (PAP)
    - Decide: Policy Decision Point (PDP)
    - Support: Policy Information Point (PIP), Policy Retrieval Point (PRP)
    - Enforce: Policy Enforcement Point (PEP)

• 24. XACML architecture flow
    - Alice tries to access Document #123; the PEP intercepts the access
    - The PEP asks the PDP: can Alice access Document #123?
    - The PDP loads the XACML policies (PAP / PRP) and retrieves the user's role and clearance and the document's classification (PIP)
    - The PDP answers: Yes, Permit; the PEP lets the access to Document #123 through

• 25. What does XACML contain? – the policy language

• 26. Language elements of XACML
    - Three structural elements: PolicySet, Policy, Rule
    - Root: either a PolicySet or a Policy
    - PolicySets contain any number of PolicySets and Policies
    - Policies contain Rules
    - Rules carry an Effect: Permit or Deny
    - Combining algorithms resolve the results of Rules (within a Policy) and of Policies (within a PolicySet)

• 27. Sample XACML policy
    [diagram: Root PolicySet containing a PolicySet with a Policy holding one Permit rule and one Deny rule, and a second PolicySet with a Policy holding one Permit rule]

• 28. Language structure: Russian dolls
    - PolicySet, Policy and Rule can each contain Targets, Obligations and Advice
    - Rules can additionally contain Conditions
    [diagram: nested PolicySet / Policy / Rule (Effect=Permit), each with a Target and an Obligation, the Rule also with a Condition]
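The doctor rule from slides 10 and 11, written out in the PolicySet / Policy / Rule shape of slides 26 to 28, as an added example: this is not code from the webinar or from any Axiomatics product, and a real policy would be written in XACML or ALFA, not Python. The attribute names (role, unit, patients, patient-id, patient-unit, action-id) are invented for illustration; a real request would carry XACML attribute identifiers. The point is that the target/condition split and the combining algorithms let the rule be expressed over attributes that no role could carry, and that a doctor who matches neither Permit rule gets an explicit Deny while a non-doctor gets NotApplicable, which the PEP's bias (slide 36) must then resolve.

```python
"""Minimal ABAC evaluator in the shape of XACML's PolicySet / Policy / Rule.

Added example, not code from the webinar or from any Axiomatics product.
Attribute names ("role", "unit", "patients", "patient-unit", ...) are invented
for illustration; a real request would use XACML attribute identifiers (URNs).
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Union

Request = Dict[str, Dict[str, object]]     # category -> attribute-id -> value
Predicate = Callable[[Request], bool]

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


def always(_req: Request) -> bool:
    return True


def attr(req: Request, category: str, name: str):
    """Look up one attribute; a missing attribute evaluates to None, never raises."""
    return req.get(category, {}).get(name)


@dataclass
class Rule:
    effect: str                      # Permit or Deny
    target: Predicate = always       # coarse match: does this rule apply at all?
    condition: Predicate = always    # fine-grained predicate over attributes

    def evaluate(self, req: Request) -> str:
        if not (self.target(req) and self.condition(req)):
            return NOT_APPLICABLE
        return self.effect


@dataclass
class Policy:
    """A Policy holds Rules; a PolicySet is the same container holding Policies."""
    children: List[Union[Rule, "Policy"]]
    combining: str = "deny-overrides"
    target: Predicate = always

    def evaluate(self, req: Request) -> str:
        if not self.target(req):
            return NOT_APPLICABLE
        return combine(self.combining, [c.evaluate(req) for c in self.children])


def combine(algorithm: str, decisions: List[str]) -> str:
    """Three of the standard XACML combining algorithms."""
    applicable = [d for d in decisions if d != NOT_APPLICABLE]
    if not applicable:
        return NOT_APPLICABLE
    if algorithm == "deny-overrides":
        return DENY if DENY in applicable else PERMIT
    if algorithm == "permit-overrides":
        return PERMIT if PERMIT in applicable else DENY
    if algorithm == "first-applicable":
        return applicable[0]
    raise ValueError(f"unknown combining algorithm {algorithm}")


# The webinar's rule: doctors may view records of patients in their unit and
# edit records of patients they have a care relationship with.
def is_doctor(req: Request) -> bool:
    return attr(req, "subject", "role") == "doctor"

def is_view(req: Request) -> bool:
    return attr(req, "action", "action-id") == "view"

def is_edit(req: Request) -> bool:
    return attr(req, "action", "action-id") == "edit"

def same_unit(req: Request) -> bool:
    return attr(req, "subject", "unit") == attr(req, "resource", "patient-unit")

def has_care_relationship(req: Request) -> bool:
    return attr(req, "resource", "patient-id") in (attr(req, "subject", "patients") or ())


doctor_policy = Policy(
    target=is_doctor,
    combining="first-applicable",    # ordered rules with a closing Deny
    children=[
        Rule(PERMIT, target=is_view, condition=same_unit),
        Rule(PERMIT, target=is_edit, condition=has_care_relationship),
        Rule(DENY),                  # a doctor who matches neither rule is denied
    ],
)
root_policy_set = Policy(children=[doctor_policy], combining="deny-overrides")


def make_request(role, unit, patients, action, patient_id, patient_unit) -> Request:
    """Constructed sample request in three of the four XACML categories."""
    return {
        "subject": {"role": role, "unit": unit, "patients": frozenset(patients)},
        "action": {"action-id": action},
        "resource": {"patient-id": patient_id, "patient-unit": patient_unit},
    }


def decide(req: Request) -> str:
    return root_policy_set.evaluate(req)


if __name__ == "__main__":
    alice = dict(role="doctor", unit="cardiology", patients=["p-1"])
    print(decide(make_request(**alice, action="view", patient_id="p-2", patient_unit="cardiology")))
    print(decide(make_request(**alice, action="edit", patient_id="p-2", patient_unit="cardiology")))
```

Note that with deny-overrides and only Permit rules, a request that matches no rule would come back NotApplicable rather than Deny; the closing `Rule(DENY)` under first-applicable is what turns "no rule fits" into an explicit Deny for doctors, while leaving non-doctors NotApplicable for other policies in the set to handle.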
• 29. What does XACML contain? – the request/response protocol

• 30. Request and response
    - It's all about attributes! (ABAC)
    - XACML policies, the XACML request and the XACML response are all represented in XML
    - Attributes are grouped by category: Subject, Action, Resource, Environment; the same categories appear in the policies and in the request

• 31. XACML and the PEP: Stop, Analyze, Forward, Enforce (S, A, F, E)

• 32. Stop the message: the form factor (S)
    - What are you protecting? What architecture? What framework?
    - J2EE? Web app server → servlet filter; web services → JAX-WS
    - Enterprise Service Bus? Apache ServiceMix → interceptors
    - IIS? → ISAPI filter
    - XML gateway? → custom vendor assertion

• 33. Analyze the message: extract attributes (A)
    - Map from 'native attributes' to XACML attributes
    - Two types of attributes:
        - attributes in the message: message headers (SOAPAction, HTTP method, target URI…) and message payload (e.g. transaction amount)
        - attributes in the environment / framework (e.g. time of day)

• 34. Extract attributes – example (via the HttpServletRequest object)
    Incoming HTTP request:

    POST /login.jsp HTTP/1.1
    Host: www.mysite.com
    User-Agent: Mozilla/4.0
    Content-Length: 10
    Content-Type: application/x-www-form-urlencoded

    userid=joe

    Resulting XACML request (note that attribute values carry no surrounding whitespace; a stray newline inside AttributeValue becomes part of the string the PDP compares):

    <?xml version="1.0" encoding="UTF-8"?>
    <xacml-ctx:Request ReturnPolicyIdList="true" CombinedDecision="false"
        xmlns:xacml-ctx="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
      <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
        <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true">
          <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">POST</xacml-ctx:AttributeValue>
        </xacml-ctx:Attribute>
      </xacml-ctx:Attributes>
      <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
        <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="true">
          <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">login.jsp</xacml-ctx:AttributeValue>
        </xacml-ctx:Attribute>
      </xacml-ctx:Attributes>
      <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
      </xacml-ctx:Attributes>
      <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
        <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="true">
          <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">joe</xacml-ctx:AttributeValue>
        </xacml-ctx:Attribute>
      </xacml-ctx:Attributes>
    </xacml-ctx:Request>
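The analyze and forward steps of slides 33 to 35 as runnable code, added here as an example that is not part of the webinar or of the Axiomatics PEP SDK. `HttpRequest` is a stand-in for the servlet request object a filter receives, the incoming request is a constructed sample, and the JSON member names follow the OASIS JSON Profile of XACML 3.0 as I know it (AccessSubject, Action, Resource, Attribute, the short DataType form); check them against the profile version your PDP accepts. The one deliberate difference from the slide: the subject-id is taken from the authenticated principal rather than from a form field, because anything the client can write (a `userid` parameter, a header) must not become the subject the PDP decides on.

```python
"""Analyze and forward: map attributes extracted from an HTTP request onto a
XACML 3.0 Request, in XML (as on the slide) and in the JSON profile form.

Added example, not code from the webinar or from the Axiomatics PEP SDK.
HttpRequest is a stand-in for HttpServletRequest; the request below is a
constructed sample. JSON member names follow the OASIS JSON Profile of XACML
3.0 as the author recalls it; verify against the profile your PDP implements.
"""
import json
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
CATEGORY = {
    "subject": "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject",
    "action": "urn:oasis:names:tc:xacml:3.0:attribute-category:action",
    "resource": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
    "environment": "urn:oasis:names:tc:xacml:3.0:attribute-category:environment",
}
JSON_CATEGORY = {"subject": "AccessSubject", "action": "Action",
                 "resource": "Resource", "environment": "Environment"}
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"

Attributes = Dict[str, List[Tuple[str, str]]]   # category -> [(attribute-id, value)]


@dataclass
class HttpRequest:
    """Stand-in for the servlet request object the filter receives."""
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)
    remote_user: str = ""        # principal set by the container after authentication


def extract_attributes(http: HttpRequest) -> Attributes:
    """Analyze step: native HTTP attributes -> XACML attributes.

    The subject comes from the authenticated principal, never from a form
    field or header the client controls."""
    if not http.remote_user:
        raise PermissionError("unauthenticated request: no subject to authorize")
    return {
        "subject": [(SUBJECT_ID, http.remote_user)],
        "action": [(ACTION_ID, http.method)],
        "resource": [(RESOURCE_ID, http.path.lstrip("/"))],
        "environment": [],
    }


def to_xml(attrs: Attributes) -> str:
    """Serialize as a XACML 3.0 <Request>; values carry no surrounding whitespace."""
    ET.register_namespace("xacml-ctx", XACML_NS)
    req = ET.Element(f"{{{XACML_NS}}}Request",
                     {"ReturnPolicyIdList": "true", "CombinedDecision": "false"})
    for category, pairs in attrs.items():
        cat_el = ET.SubElement(req, f"{{{XACML_NS}}}Attributes", {"Category": CATEGORY[category]})
        for attr_id, value in pairs:
            a = ET.SubElement(cat_el, f"{{{XACML_NS}}}Attribute",
                              {"AttributeId": attr_id, "IncludeInResult": "true"})
            ET.SubElement(a, f"{{{XACML_NS}}}AttributeValue", {"DataType": XS_STRING}).text = value
    return ET.tostring(req, encoding="unicode")


def to_json_dict(attrs: Attributes) -> dict:
    """Same request in the JSON profile shape, for a REST/JSON-exposed PDP."""
    body = {"ReturnPolicyIdList": True, "CombinedDecision": False}
    for category, pairs in attrs.items():
        if pairs:   # empty categories are simply omitted
            body[JSON_CATEGORY[category]] = {"Attribute": [
                {"AttributeId": i, "Value": v, "DataType": "string"} for i, v in pairs]}
    return {"Request": body}


def to_json(attrs: Attributes) -> str:
    return json.dumps(to_json_dict(attrs), indent=2)


def read_back(xml_text: str) -> Dict[str, Dict[str, str]]:
    """Parse a serialized Request into {category: {attribute-id: value}}, to check
    that nothing was lost or whitespace-padded on the way out."""
    ns = {"x": XACML_NS}
    out: Dict[str, Dict[str, str]] = {}
    for cat_el in ET.fromstring(xml_text).findall("x:Attributes", ns):
        out[cat_el.get("Category")] = {
            a.get("AttributeId"): a.findtext("x:AttributeValue", namespaces=ns)
            for a in cat_el.findall("x:Attribute", ns)}
    return out


if __name__ == "__main__":
    # Constructed sample: alice, authenticated by the container, fetches a record
    sample = HttpRequest("GET", "/records/123", {"Host": "www.mysite.com"}, remote_user="alice")
    attrs = extract_attributes(sample)
    print(to_xml(attrs))
    print(to_json(attrs))
```

Whichever transporter slide 35 ends up using (in-process API, RMI, JSON over HTTPS, SOAP), the attribute extraction stays the same; only the serialization at the end changes, which is why it is kept in a separate function from the mapping.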
• 35. Forward the access control request to the PDP (F)
    - How is the PDP exposed? In-process? RMI? JSON? SOAP? …
    - Create a XACML request and insert it inside the right "transporter":
        - a Java XACML request object passed to the API method
        - a Java XACML request serialized over RMI
        - a JSON payload sent as an HTTP(S) request
        - an XML XACML request inside a SOAP message sent over HTTP
        - …

• 36. Enforce: receive the PDP decision and act (E)
    - The decision is one of Permit / Deny / NotApplicable / Indeterminate
    - Check the bias: a deny-biased PEP treats NotApplicable and Indeterminate as Deny (fail closed); a permit-biased PEP treats them as Permit
    - Apply obligations and advice, for example: log the access in the central log repository; send a notification email; filter some data out of the response
    - An obligation the PEP does not understand or cannot carry out means it may not act on the decision it accompanies
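The enforce step of slide 36 in code, added as an example that is not from the webinar or from the Axiomatics PEP SDK. The PDP response is a constructed sample in the XACML 3.0 response shape, and the obligation identifiers (urn:example:obligation:…) and the audit-log handler are invented for illustration. It shows the two things a PEP gets wrong most often: treating NotApplicable or Indeterminate as anything other than what its bias dictates, and granting access on a Permit whose obligations it never discharged.

```python
"""Enforce step: turn a PDP response into an allow/deny at the PEP.

Added example, not code from the webinar or from the Axiomatics PEP SDK. The
response XML is a constructed sample and the obligation identifiers
(urn:example:obligation:*) are invented for illustration.
"""
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Optional, Tuple

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML_NS}
Obligation = Tuple[str, Dict[str, str]]        # (ObligationId, {AttributeId: value})
Handler = Callable[[Dict[str, str]], None]


def parse_response(xml_text: str) -> Tuple[str, List[Obligation]]:
    """Read the first <Result>: its Decision and any obligations attached to it."""
    result = ET.fromstring(xml_text).find("x:Result", NS)
    decision = result.findtext("x:Decision", namespaces=NS)
    obligations: List[Obligation] = []
    for ob in result.findall("x:Obligations/x:Obligation", NS):
        # In XACML 3.0 the assignment's value is the element's text content
        args = {a.get("AttributeId"): (a.text or "")
                for a in ob.findall("x:AttributeAssignment", NS)}
        obligations.append((ob.get("ObligationId"), args))
    return decision, obligations


def apply_bias(decision: str, bias: str) -> bool:
    """Map the four XACML decisions onto allow/deny.

    Permit and Deny are unambiguous. NotApplicable (no policy matched) and
    Indeterminate (evaluation error, e.g. a PIP lookup failed) are where the
    bias matters: a deny-biased PEP fails closed, a permit-biased one fails open."""
    if decision == "Permit":
        return True
    if decision == "Deny":
        return False
    if bias == "deny":
        return False
    if bias == "permit":
        return True
    raise ValueError(f"PEP bias {bias!r} cannot act on decision {decision!r}")


def enforce(xml_text: str, handlers: Dict[str, Handler], bias: str = "deny") -> bool:
    """Return True only if access is allowed AND every obligation was discharged.

    An obligation the PEP does not understand means it may not act on the
    decision it accompanies, so the only safe outcome is to deny. Obligations
    on a Deny (e.g. log the refusal) are still carried out."""
    decision, obligations = parse_response(xml_text)
    allowed = apply_bias(decision, bias)
    if any(ob_id not in handlers for ob_id, _ in obligations):
        return False
    for ob_id, args in obligations:
        handlers[ob_id](args)
    return allowed


def sample_response(decision: str, obligation_id: Optional[str] = None, **args: str) -> str:
    """Constructed PDP response in the XACML 3.0 <Response> shape (values unescaped)."""
    obligation = ""
    if obligation_id:
        assignments = "".join(
            f'<xacml3:AttributeAssignment AttributeId="{k}" '
            f'DataType="http://www.w3.org/2001/XMLSchema#string">{v}</xacml3:AttributeAssignment>'
            for k, v in args.items())
        obligation = (f'<xacml3:Obligations><xacml3:Obligation ObligationId="{obligation_id}">'
                      f'{assignments}</xacml3:Obligation></xacml3:Obligations>')
    return (f'<xacml3:Response xmlns:xacml3="{XACML_NS}"><xacml3:Result>'
            f'<xacml3:Decision>{decision}</xacml3:Decision>{obligation}'
            f'</xacml3:Result></xacml3:Response>')


audit_log: List[str] = []
HANDLERS: Dict[str, Handler] = {
    # Invented obligation id: "log this access in the central log repository"
    "urn:example:obligation:log-access":
        lambda a: audit_log.append(f"{a['user']} accessed {a['resource']}"),
}


if __name__ == "__main__":
    ok = enforce(sample_response("Permit", "urn:example:obligation:log-access",
                                 user="alice", resource="records/123"), HANDLERS)
    print(ok, audit_log)
    print(enforce(sample_response("Permit", "urn:example:obligation:send-email",
                                  to="ops@example.com"), HANDLERS))      # unknown obligation: deny
    print(enforce(sample_response("NotApplicable"), HANDLERS))            # deny-biased: deny
    print(enforce(sample_response("Indeterminate"), HANDLERS, bias="permit"))   # permit-biased: allow
```

In production the handler table is the contract between the policy authors and the PEP: a new obligation added on the PAP side is denied by every PEP until that PEP ships a handler for it, which is the behaviour you want.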
• 37. APS Developer Edition

• 38. What is APS Developer Edition?
    "(…) is an aggregate product that aims to simplify the process of working with Axiomatics products. It is primarily intended for developers and is designed to enable a quick and easy setup of the APS environment. The Developer Edition contains the standard releases of APS and other Axiomatics software of relevance to developers in a complete, self-contained and easy-to-install package."
    - For non-production use only

• 39. What it contains
    - APS components: ASM, PDP, PAP
    - PEP SDK for Java and ALFA packages
    - Sample demo application and XACML policy
    - Sample Eclipse projects for the JSP demo application: JSP PEP, Java PEP, ALFA PAP workspace
    - A single Tomcat for ASM, PDP and the demo application
    - Simplified initialization and management scripts

• 40. What it does not contain
    - Eclipse distribution
    - Java distribution
    - APS Developer Resources
    - Anything else not mentioned on the previous slide

• 41. Quick Start Guide

• 42. Demo

• 43. Questions? Contact us at info@axiomatics.com