1 Management Summary
Dynamic authorization in complex enterprise IT environments is one of the most challenging parts of identity and access management (IAM) and information security alike. To be successful, organizations must address authorization through a holistic architecture. In this note, KuppingerCole breaks the problem down into three dimensions: governance and admin-time authorization, access policy models, and runtime authorization.
Admin-time policy management and runtime policy enforcement must meet in the middle, with policy models for groups, RBAC, ABAC, entitlements, and policy expressions (or rules). Organizations must build a unified authorization framework as their architecture, one that spans the three dimensions and often requires hybrids of all the policy models. Herein, KuppingerCole provides frameworks, models, decision trees, and recommendations to get started.