Authorization as a Calculated Risk

  • LANGUAGE: English DATE: Thursday, September 26, 2013 TIME: 4:00pm CEST, 10:00am EDT, 7:00am PDT
Upcoming Webinars
Access to corporate information often is based on binary, either/or propositions, without the context of an access request being taken into account. The level of assurance that the requesting person is who she claims to be is not determined, missing the opportunity of establishing a metric for the level of security of the connection. In the first part of this webinar, KuppingerCole Senior Analyst Dave Kearns, along with guests from Nok-Nok Labs and Certivox, will show you how going beyond passwords to a risk- and context-based authentication and authorization would help you to reach the next level, eventually even incorporating the value of the resource into the formula. If the resource is information, then the potential loss should that information be leaked also needs to be calculated. Once we´ve determined these factors, the access decision can be made: grant, deny, request further authentication or lower/raise the level of authorization.

As most applications today are not built in a way to take such information into account, Dave will in the second part of this webinar talk with Axiomatics about how to make applications incorporate and process the risk and context information.

Ideally we have applications that rely on externalized authorization systems, for instance (but not mandatorily) based on XACML. But most current applications and even most newly developed applications are not built based on such an advanced security architecture approach. Thus, workarounds and other solutions are required. One such is claims-based architectures where the authorization still is done within the application. Another is the use of gateway approaches such as XML gateways or Web Access Management, where the risk-based authorization is done. These are probably the most relevant ones when it comes to authorization, where the latter ones are coarse-grain.

Dave and his guests will discuss with you potential solutions and "application patterns" that show how this could look like and to which extent existing applications can be enhanced to support risk- and context-based authentication without code customization (non-intrusive) or with coding (intrusive).


Speakers

Dave spent 10 years as a network manager, ending up as Information Services Manager for the former Thomas-Conrad Corporation (now part of Compaq ). In 1987, he was a founding SysOp of Novell's Novell Support Connection service on Compuserve and served as the first president of the Association...

Brian is co-founder of CertiVox and brings more than 20 years of experience in the information security industry. Brian began his career in cryptographic development at Silicon Valley’s first full disk encryption software company, which later became Guardian Edge and was acquired by...

Continuing Education Credits

After attending this webinar you will be able to:

  1. Create a risk matrix
  2. Quantify levels of assurance and value of resources
  3. Extract context metadata from browsers, or add context APIs to apps
  4. Create dynamic authorization transactions

This event qualifies for 1 Group Internet Based CPE

Prerequisites: None Advance Preparation: None Learning Level: Intermediate Field: Computer Science

Who should attend: CIOs, CISOs, IT Managers, and the project managers and IT professionals with 3 or more years’ experience.

KuppingerCole is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. State Boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be submitted to the National Registry through its website: www.learningmarket.org

For more information regarding administrative policies such as complaint and refund, please contact Mr. Levent Kara at our office's telephone +49 211 23707710, email: lk@kuppingercole.com

Watch now

Downloads

Presentation, KuppingerCole

Presentation, CertiVox

Presentation, Nok Nok Labs

Presentation, Axiomatics

Webcast download

Popular Webcasts

Next Webinar

Webinar

Compliance als Vorteil: Technische Anforderungen der GDPR für moderne digitale Unternehmen

Ohne Zweifel ist der 25. Mai 2018 im Kalender jedes IT-Spezialisten rot angestrichen. Denn an diesem Tag tritt die neue Datenschutz-Grundverordnung (General Data Protection Regulation, GDPR) in Kraft, welche die Art und Weise, in der personenbezogene Daten von in der EU ansässigen Unternehmen oder anderen Unternehmen, die in der Europäischen Union geschäftlich tätig sein möchten, behandelt werden, grundsätzlich verändert. Nachhaltig beeindruckt von den strengen Strafen, die im Rahmen der neuen Verordnung vorgesehen sind, sind Unternehmen eilig bemüht, sich auf die neuen rechtlichen, betrieblichen und technischen Herausforderungen vorzubereiten.

Next Conference

Conference

Consumer Identity World Europe 2017

Managing customer information in a digitally transformed economy with numerous business partners demanding access is one of the most significant challenges today, and it will continue to evolve rapidly. Besides that, the challenge is to offer user-friendly login procedures via social media accounts, passwords or biometric devices while securing and respecting personal data at the same time CIW Europe is a joint Event with our Partner CXP (Le Groupe CXP, Paris, France).

Become a Sponsor

Call

+49 211 23707710
Mo – Fr 8:00 – 17:00