WebApp Sec mailing list archives

Re: Authorization Framework.


From: Yuri Demchenko <demch () chello nl>
Date: Mon, 24 Jan 2005 21:50:03 +0100

Babu Kopparam wrote:

I am working for a product company which owns around 80 products.
My role is to provide a security framework to all the teams.

I have proposed RBAC (referring to NIST's specification) as the suitable
solution for Authorization.

I want to know if my selection is right, OR whether there is any other widely
used method.

Can you provide some links to gather more information about the same?

Hi Babu,

Your choice is right. But just saying RBAC doesn't solve the problem, nor does it propose a real technical solution.

However, if you look at XACML as an almost generic RBAC implementation and SAML as another component of the AuthZ infrastructure, it would be closer to practical solutions.

This document may be interesting for you:

Using SAML and XACML for Authorisation assertions and messaging: SAML
and XACML standards overview and usage examples.
http://www.uazone.org/demch/analytic/draft-authz-xacml-saml-01.pdf

Look also for other AuthZ and policy related papers at my homepage
http://www.uazone.org/demch/worksinprogress.html

Regards,

Yuri

Thanks in advance,
-Babu.
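As an added illustration for this thread (it is not code from either poster, from NIST, or from any XACML or SAML implementation): a minimal Python model of the NIST hierarchical RBAC structure that Babu refers to, showing the part Yuri's reply says is missing when one "just says RBAC", namely the concrete user-assignment, permission-assignment, session activation and CheckAccess steps. The role, user and permission names are constructed for the example; an XACML policy and SAML assertions would be the interoperable representation of the same data, which this local model does not attempt.

```python
"""Minimal hierarchical RBAC model in the NIST style (added example; all
names below are constructed). Users are assigned roles, roles hold
permissions, a session activates a subset of the user's roles, and a senior
role inherits its juniors' permissions. Access is granted only through an
active role, which is what gives RBAC its least-privilege property."""
from collections import defaultdict


class HierarchicalRBAC:
    def __init__(self):
        self.users = set()
        self.roles = set()
        self.user_assignment = defaultdict(set)        # user -> roles
        self.permission_assignment = defaultdict(set)  # role -> {(op, obj)}
        self.juniors = defaultdict(set)                # senior -> junior roles
        self.sessions = {}                             # id -> (user, active roles)

    def add_user(self, user):
        self.users.add(user)

    def add_role(self, role):
        self.roles.add(role)

    def assign_user(self, user, role):
        if user not in self.users or role not in self.roles:
            raise KeyError("unknown user or role")
        self.user_assignment[user].add(role)

    def grant_permission(self, role, operation, obj):
        if role not in self.roles:
            raise KeyError(role)
        self.permission_assignment[role].add((operation, obj))

    def inherited_roles(self, role):
        """The role itself plus every role it inherits from, transitively."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def add_inheritance(self, senior, junior):
        if senior not in self.roles or junior not in self.roles:
            raise KeyError("unknown role")
        if senior in self.inherited_roles(junior):
            raise ValueError("inheritance would create a cycle")
        self.juniors[senior].add(junior)

    def create_session(self, session_id, user):
        if user not in self.users:
            raise KeyError(user)
        self.sessions[session_id] = (user, set())  # nothing active yet

    def add_active_role(self, session_id, role):
        user, active = self.sessions[session_id]
        if role not in self.user_assignment[user]:
            raise PermissionError(f"{user} is not assigned role {role}")
        active.add(role)

    def drop_active_role(self, session_id, role):
        self.sessions[session_id][1].discard(role)

    def check_access(self, session_id, operation, obj):
        """NIST CheckAccess: true iff some active role, or a role it inherits,
        holds (operation, obj). Unknown sessions are denied by default."""
        if session_id not in self.sessions:
            return False
        _, active = self.sessions[session_id]
        return any((operation, obj) in self.permission_assignment[r]
                   for role in active for r in self.inherited_roles(role))


def build_demo():
    """Constructed sample: a three-role chain and two users."""
    rbac = HierarchicalRBAC()
    for role in ("employee", "engineer", "release_manager"):
        rbac.add_role(role)
    rbac.add_inheritance("engineer", "employee")
    rbac.add_inheritance("release_manager", "engineer")
    rbac.grant_permission("employee", "read", "wiki")
    rbac.grant_permission("engineer", "commit", "repo")
    rbac.grant_permission("release_manager", "publish", "release")
    for user, role in (("alice", "engineer"), ("bob", "release_manager")):
        rbac.add_user(user)
        rbac.assign_user(user, role)
    return rbac


def demo_decisions():
    rbac = build_demo()
    rbac.create_session("s1", "alice")
    rbac.add_active_role("s1", "engineer")
    rbac.create_session("s2", "bob")            # bob activates nothing yet
    results = {
        "alice_commit": rbac.check_access("s1", "commit", "repo"),
        "alice_read_inherited": rbac.check_access("s1", "read", "wiki"),
        "alice_publish": rbac.check_access("s1", "publish", "release"),
        "bob_before_activation": rbac.check_access("s2", "publish", "release"),
        "unknown_session": rbac.check_access("nope", "read", "wiki"),
    }
    rbac.add_active_role("s2", "release_manager")
    results["bob_after_activation"] = rbac.check_access("s2", "publish", "release")
    results["bob_commit_inherited"] = rbac.check_access("s2", "commit", "repo")
    try:  # alice may only activate roles she is actually assigned
        rbac.add_active_role("s1", "release_manager")
        results["alice_escalation_refused"] = False
    except PermissionError:
        results["alice_escalation_refused"] = True
    return results


if __name__ == "__main__":
    for name, decision in demo_decisions().items():
        print(f"{name}: {decision}")
```

The two checks worth noting for a framework used across many products are that a session holds no permissions until a role is activated (so a user assigned a powerful role still works with only what the current task needs), and that the inheritance edge is refused when it would form a cycle, since a cycle silently turns every role in it into the union of all of them.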
