Authorization as a Calculated Risk
- LANGUAGE: English DATE: Thursday, September 26, 2013 TIME: 4:00pm CEST, 10:00am EDT, 7:00am PDT
As most applications today are not built in a way to take such information into account, Dave will in the second part of this webinar talk with Axiomatics about how to make applications incorporate and process the risk and context information.
Ideally we have applications that rely on externalized authorization systems, for instance (but not mandatorily) based on XACML. But most current applications and even most newly developed applications are not built based on such an advanced security architecture approach. Thus, workarounds and other solutions are required. One such is claims-based architectures where the authorization still is done within the application. Another is the use of gateway approaches such as XML gateways or Web Access Management, where the risk-based authorization is done. These are probably the most relevant ones when it comes to authorization, where the latter ones are coarse-grain.
Dave and his guests will discuss with you potential solutions and "application patterns" that show how this could look like and to which extent existing applications can be enhanced to support risk- and context-based authentication without code customization (non-intrusive) or with coding (intrusive).
Continuing Education Credits
After attending this webinar you will be able to:
- Create a risk matrix
- Quantify levels of assurance and value of resources
- Extract context metadata from browsers, or add context APIs to apps
- Create dynamic authorization transactions
This event qualifies for 1 Group Internet Based CPE
Prerequisites: None Advance Preparation: None Learning Level: Intermediate Field: Computer Science
Who should attend: CIOs, CISOs, IT Managers, and the project managers and IT professionals with 3 or more years’ experience.
KuppingerCole is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. State Boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be submitted to the National Registry through its website: www.learningmarket.org
For more information regarding administrative policies such as complaint and refund, please contact Mr. Levent Kara at our office's telephone +49 211 23707710, email: email@example.com
The greatest cybersecurity threat an organization faces is no longer the malicious outsider hacking from beyond network firewalls. It is the insiders - the contractors, third-party vendors, and even your own privileged employees who already have full access to your company's systems and sensitive data. Any of those can cause substantial damage to your business by leaking confidential information, disrupting access to a critical system or simply draining your bank account. The most privileged users in this regard are no longer the IT administrators, but the CEO or CFO, and the number of new attacks targeting them specifically is on the rise.
Come to the place where the Digital Transformation is happening. The European Identity & Cloud Conference, held from May 14-17, 2019, offers a mixture of best practice discussions, visionary presentations, and networking opportunities with a future-oriented community. More than 800 thought leaders, leading vendors, analysts, executives, and end-users get together in Munich to be inspired by a list of world-class speakers.