WebApp Sec mailing list archives
Re: Authorization Framework.
From: Yuri Demchenko <demch () chello nl>
Date: Mon, 24 Jan 2005 21:50:03 +0100
Babu Kopparam wrote:
I am working for a product company which owns around 80 products. My role is to provide a security framework to all the teams. I have proposed RBAC (referring to NIST's specification) as the suitable solution for Authorization. I want to know if my selection is right OR is there any other widely used method. Can you provide some links to gather more information about the same?
Hi Babu,
Your choice is right. But just saying RBAC doesn't solve the problem, nor does it propose a real technical solution.
However, if you look at XACML as an almost generic RBAC implementation and SAML as another component of the AuthZ infrastructure, it would be closer to practical solutions.
This document may be interesting for you:
Using SAML and XACML for Authorisation assertions and messaging: SAML and XACML standards overview and usage examples.
http://www.uazone.org/demch/analytic/draft-authz-xacml-saml-01.pdf
Look also for other AuthZ and policy related papers at my homepage
http://www.uazone.org/demch/worksinprogress.html
Regards,
Yuri
Thanks in advance, -Babu.