Presentation is loading. Please wait.

Presentation is loading. Please wait.

XACML in real-world applications Doron Grinstein, CEO BiTKOO +1-818-985-4700 888-4-BiTKOO

Published byCornelius Green Modified over 9 years ago

Similar presentations

Presentation on theme: "XACML in real-world applications Doron Grinstein, CEO BiTKOO +1-818-985-4700 888-4-BiTKOO"— Presentation transcript:

1 XACML in real-world applications Doron Grinstein, CEO BiTKOO doron@bitkoo.com +1-818-985-4700 888-4-BiTKOO http://www.bitkoo.com www.oasis-open.org

2

3

4

5 You can apply security consistently Java Applications JSP, JSF, CXF Java Applications JSP, JSF, CXF.NET Applications ASP.Net, Silverlight, WCF, WPF.NET Applications ASP.Net, Silverlight, WCF, WPF SharePoint 2010 SQL Server Rows, columns, and cells in databases SQL Server Rows, columns, and cells in databases Apache Hosted Applications IIS Hosted Apps DB-2 Oracle Databases Networks MySQL Business processes, new applications, services…

6 www.oasis-open.org XACML Allows Security Consolidation “Data on client XYZ should be available in SharePoint to all non-legal staff only if the current date is after the gag order is lifted. Legal staff require full access, but we need to audit their activity to ensure data isn’t leaked.” Traditionally Multiple user interfacesIT had to be involved in policy changes Limitations on each application based on pre-defined model of security Code changes required to adapt to new security concepts XACML Use of a single interface to manage policies for all applications The business is empowered to make policy changes Express any security policy or rule Develop new security concepts without modifying existing applications

7 www.oasis-open.org XACML scales! XACML done right performs and scales to the cloud Attribute caching Decision caching Compiling policy to intermediate language XACML is stateless so it scales horizontally PDPs can be deployed with PEPs Combined with federation

8 www.oasis-open.org Business Users Should not see XML Some users might accept editing this But policies are typically more complex This code is used to express specific login times on a single server Products exist that help business users manage XACML by providing A graphical user interface (GUI) Simple API Web service API Command-line interface Domain-specific languages More to come..

9 www.oasis-open.org Leverage RBAC and ABAC “Data on client XYZ should be available in SharePoint to all non-legal staff only if the current date is after the gag order is lifted. Legal staff require full access, but we need to audit their activity to ensure data isn’t leaked. John Doe is the only non-legal exception, and must also have access.” “Exceptions” group defined in Active Directory John Doe Attribute definition of legal staff spans directories In Active Directory, Department = “Legal” AND in LDAP 3 DeptNum = 46 Gag order release date is defined in a custom-built legal application HushDate in custom SQL Database = ‘2011-06-28 04:00:00.000’

10 THANK YOU! Visit us on the web at http://www.bitkoo.comhttp://www.bitkoo.com

Download ppt "XACML in real-world applications Doron Grinstein, CEO BiTKOO +1-818-985-4700 888-4-BiTKOO"

Similar presentations

C6 Databases.

C6 Databases.
Edoclite and Managing Client Engagements What is Edoclite? How is it used at IU? Development Process?

Edoclite and Managing Client Engagements What is Edoclite? How is it used at IU? Development Process?
Brian Alderman | MCT, CEO / Founder of MicroTechPoint Pete Harris | Microsoft Senior Content Publisher.

Brian Alderman | MCT, CEO / Founder of MicroTechPoint Pete Harris | Microsoft Senior Content Publisher.
UNIT-e Research & Development Microsoft Technology Day Stephen Cain (System Architect)

UNIT-e Research & Development Microsoft Technology Day Stephen Cain (System Architect)
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
Lecture Microsoft Access and Relational Database Basics.

Lecture Microsoft Access and Relational Database Basics.
MI807: Database Systems for Managers Introduction –Course Goals & Schedule –Logistics –Syllabus Review Relational DBMS Basics –RDBMS Role in Applications.

MI807: Database Systems for Managers Introduction –Course Goals & Schedule –Logistics –Syllabus Review Relational DBMS Basics –RDBMS Role in Applications.
500 Customers 2,000 Customers 4,000 Customers 7,000 Customers 8,500 Customers 10,500 Customers BizTalk Server 2000 Messaging XML tools XLang BizTalk.

500 Customers 2,000 Customers 4,000 Customers 7,000 Customers 8,500 Customers 10,500 Customers BizTalk Server 2000 Messaging XML tools XLang BizTalk.
Getting Started (Excerpts) Chapter One DAVID M. KROENKE’S DATABASE CONCEPTS, 2 nd Edition.

Getting Started (Excerpts) Chapter One DAVID M. KROENKE’S DATABASE CONCEPTS, 2 nd Edition.
ISYS 512 Business Application Design and Development with.Net David Chao.

ISYS 512 Business Application Design and Development with.Net David Chao.
Course Map The Java Programming Language Basics Object-Oriented Programming Exception Handling Graphical User Interfaces and Applets Multithreading Communications.

Course Map The Java Programming Language Basics Object-Oriented Programming Exception Handling Graphical User Interfaces and Applets Multithreading Communications.
J2EE Java 2 Enterprise Edition. Relevant Topics in The Java Tutorial Topic Web Page JDBC orial/jdbc

J2EE Java 2 Enterprise Edition. Relevant Topics in The Java Tutorial Topic Web Page JDBC orial/jdbc
Access to Azure EXTENDING OFFICE 365 INTO THE CLOUD George Young Dawson Butte Software SHAREPOINT SATURDAY DENVER 2015 – JANUARY.

Access to Azure EXTENDING OFFICE 365 INTO THE CLOUD George Young Dawson Butte Software SHAREPOINT SATURDAY DENVER 2015 – JANUARY.
Getting Started Chapter One DATABASE CONCEPTS, 7th Edition

Getting Started Chapter One DATABASE CONCEPTS, 7th Edition
Building and Deploying a Simple Web Application. Tomcat and JSP Tomcat is an application server, commonly used to host JSP applications Applications are.

Building and Deploying a Simple Web Application. Tomcat and JSP Tomcat is an application server, commonly used to host JSP applications Applications are.
PHP Scripting Language. Introduction “PHP” is an acronym for “PHP: Hypertext Preprocessor.” It is an interpreted, server-side scripting language. Originally.

PHP Scripting Language. Introduction “PHP” is an acronym for “PHP: Hypertext Preprocessor.” It is an interpreted, server-side scripting language. Originally.
Charlie Crocker Vice President Farallon Geographics, Inc. An Overview of Internet Mapping Technology.

Charlie Crocker Vice President Farallon Geographics, Inc. An Overview of Internet Mapping Technology.
Access Web Apps – OK, Now What? EXTENDING ACCESS WEB APPS George Young Dawson Butte Software ACCESS DAY – OCTOBER 2014 - DENVER,

Access Web Apps – OK, Now What? EXTENDING ACCESS WEB APPS George Young Dawson Butte Software ACCESS DAY – OCTOBER DENVER,
ORACLE DATABASE SECURITY

ORACLE DATABASE SECURITY
Mobile Agents for Integrating Cloud-Based Business Processes with On-Premises Systems and Devices Janis Grundspenkis Antons Mislēvičs Department of Systems.

Mobile Agents for Integrating Cloud-Based Business Processes with On-Premises Systems and Devices Janis Grundspenkis Antons Mislēvičs Department of Systems.

Similar presentations

Ads by Google