Enterprise Authorization Framework
- TYPE: Combined Session DATE: Wednesday, May 10, 2017 TIME: 15:30-16:30 LOCATION: ALPSEE
Authorization frameworks comprise run-time policy enforcement, administration-time policy models, and IAM governance. Groups are the dominant policy model in the enterprise today. Easy to manage from the bottom up, the problem is that groups tend to sprawl. Turning to RBAC, some organizations have a good set of positional roles, but others don't. Either way, RBAC easily succumbs to role proliferation if practicioners layer too many special cases and exceptions onto the model. Fortunately, dynamic authorization - also known as attribute-based access control (ABAC) - has the potential to blend roles, groups, and attributes from subjects, resources, and context into a unified model.
- Good practices for RBAC
- The RBAC/ABAC continuum – it’s not either or, it’s about both approaches
- Don't hype the "ABAC" - success stories, pitfalls, and lessons learned
- Where Dynamic Authorization Management fits in: Not only Policy Servers, but Adaptive Authentication, API & XML Gateways, Web Access Management, and more
- Create "economies of context" through well-designed identity object models and application taxonomies
- Cloud-friendly patterns, tokens, and security considerations
- “Dynamic Provisioning” of static (RBAC-based) ACLs: A real alternative?
- Sample decision trees for a unified authorization framework
- Registration fee:
- Contact person:
Mr. Levent Kara
+49 211 23707710
- May 09 - 12, 2017 Munich, Germany