Enterprise Authorization Framework

  • TYPE: Combined Session DATE: Wednesday, May 10, 2017 TIME: 15:30-16:30 LOCATION: ALPSEE

Building a Unified Authorization Framework with RBAC & ABAC

Authorization frameworks comprise run-time policy enforcement, administration-time policy models, and IAM governance. Groups are the dominant policy model in the enterprise today. Easy to manage from the bottom up, the problem is that groups tend to sprawl. Turning to RBAC, some organizations have a good set of positional roles, but others don't. Either way, RBAC easily succumbs to role proliferation if practicioners layer too many special cases and exceptions onto the model. Fortunately, dynamic authorization - also known as attribute-based access control (ABAC) - has the potential to blend roles, groups, and attributes from subjects, resources, and context into a unified model.

Key Takeaways:

  • Good practices for RBAC
  • The RBAC/ABAC continuum – it’s not either or, it’s about both approaches
  • Don't hype the "ABAC" - success stories, pitfalls, and lessons learned
  • Where Dynamic Authorization Management fits in: Not only Policy Servers, but Adaptive Authentication, API & XML Gateways, Web Access Management, and more
  • Create "economies of context" through well-designed identity object models and application taxonomies
  • Cloud-friendly patterns, tokens, and security considerations
  • “Dynamic Provisioning” of static (RBAC-based) ACLs: A real alternative?
  • Sample decision trees for a unified authorization framework

Log in to download the presentation:  


Dan Blum is an internationally-recognized expert in security, privacy, cloud computing, identity management and works as Senior Analyst at KuppingerCole. He develops Security Architects Partners’ business partnerships, creates content and leads consulting engagements. Blum provides...


Session Links

Munich, Germany


European Identity & Cloud Conference 2017

Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
+49 211 23707710
  • May 09 - 12, 2017 Munich, Germany