This article outlines well why externalized authorization policies are the way forward. What it does not really clarify is that authorization management does not really provide that much value if the full complexity of all access rules across the IT environment is essentially aggregated into one place. There are numerous vendors in this space, and I believe this is where XACML may eventually provide vendor interoperability.
The more interesting question is how to actually manage these policies, i.e. how to make these authorization/entitlement management solutions actually manageable. Neither XACML nor "normal" authorization management solutions provide any support for actually reducing the complexity significantly. This topic is called "Model Driven Security" (www.modeldrivensecurity.org, www.modeldrivensecurity.com). Gartner has put this topic onto the hype cycle.
We are currently the only real vendor in this space with our OpenPMF 2.0 technology (www.openpmf.com). It uses the concepts of Model Driven Architecture to actually allow you to generate the rules that go into authorization management systems (e.g. XACML).
This may clarify things somewhat.
Dr. Ulrich Lang
CEO ObjectSecurity – World Leader in Model Driven Security Management
www.objectsecurity.com