Authorization is the single area of IAM which is most challenging. This is partially due to the intrusiveness to applications, but also due to the lack of widely adopted standards. While there is logic in moving towards centralized, dynamic and policy-based authorization management (or, in short, ABAC), it is hard to succeed in that journey.
This panel will focus on the way to best integrate applications such as COTS software, cloud services, and home-grown applications, with a solution for managing authorizations centrally. How to do it best? Is it still XACML? Is it OAuth 2.0? Are proprietary approaches best-suited here? And how to build your applications in a way that you can change the Authorization platform without changing application code?