Sunday, 11 May 2014

Integrated Attribute Storage

A notable difference between Access Sentinel and other XACML authorization solutions is that Access Sentinel has an integrated attribute store. In fact, we began with a secure attribute store and then built authorization services into it.  

The reason for this is that XACML is fundamentally an Attribute-Based Access Control (ABAC) system, which requires access to attributes to make access control decisions. To achieve high performance, one must bring the authorization attributes as close to the authorization service as possible. To ensure security, the integrity and trustworthiness of attributes are paramount, because the ability to manipulate attributes will change the outcome of access control decisions.
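The sketch below is an added illustration of that last point and is not Access Sentinel code. The rule, the attribute names, the HMAC sealing scheme and the key are all constructed for the example. It shows one altered attribute value flipping a decision from Deny to Permit, and a decision point that verifies attribute integrity returning Indeterminate instead.

```python
import hashlib
import hmac
import json

# Constructed key for the example; a real store would keep this in an HSM or KMS.
STORE_KEY = b"constructed-demo-key"

def seal(attrs: dict) -> dict:
    """Store-side: attach an HMAC-SHA256 tag over the canonical attribute record."""
    body = json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()
    return {"attrs": attrs, "tag": hmac.new(STORE_KEY, body, hashlib.sha256).hexdigest()}

def verified_attrs(record: dict):
    """PDP-side: return the attributes only if the tag still matches, else None."""
    body = json.dumps(record["attrs"], sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(STORE_KEY, body, hashlib.sha256).hexdigest()
    return record["attrs"] if hmac.compare_digest(expected, record["tag"]) else None

def rule_permits(subject: dict, resource: dict, action: str) -> bool:
    """Constructed ABAC rule: read is allowed when the department matches and
    the subject's clearance is at least the resource's classification."""
    return (action == "read"
            and subject.get("department") == resource.get("department")
            and subject.get("clearance", 0) >= resource.get("classification", 99))

def decide(subject_record: dict, resource: dict, action: str,
           check_integrity: bool = True) -> str:
    """Return an XACML-style decision; unverifiable attributes yield Indeterminate."""
    subject = verified_attrs(subject_record) if check_integrity else subject_record["attrs"]
    if subject is None:
        return "Indeterminate"  # the enforcement point should treat this as a denial
    return "Permit" if rule_permits(subject, resource, action) else "Deny"

# Constructed sample data.
RESOURCE = {"department": "finance", "classification": 3}
GENUINE = seal({"department": "finance", "clearance": 2})
# The same record after the stored value was changed without recomputing the tag.
ALTERED = {"attrs": {**GENUINE["attrs"], "clearance": 3}, "tag": GENUINE["tag"]}

if __name__ == "__main__":
    print(decide(GENUINE, RESOURCE, "read"))
    print(decide(ALTERED, RESOURCE, "read", check_integrity=False))
    print(decide(ALTERED, RESOURCE, "read"))
```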

When considering the deployment of an attribute-based authorization solution, the manner in which attributes are accessed must be considered. 

Accessing information at its source will affect the performance, reliability and complexity of the authorization service while raising many questions about the security and trustworthiness of the information. 

Many optimisations can be made to help improve the situation, such as the use of virtual or meta-directory based solutions; however, doing so may result in a more complex and costly solution.

Access Sentinel

Access Sentinel is a self-contained solution that allows applications to externalise authorization decisions. Access Sentinel includes:

  • an attribute synchronization service to consume necessary attributes from existing data sources
  • a robust repository to store policies and attributes
    • Attributes may be synchronized from existing systems or defined locally for the purpose of providing an authorization service
    • Access to attributes is secured using XACML policies
  • an authorization service that obtains attributes and policies through high-speed internal function calls

The consolidation of all of the required components (attribute storage and synchronization, policies and an authorization service) makes Access Sentinel a simple, effective, and high-performance authorization solution. The Access Sentinel solution can be deployed and distributed throughout an enterprise to simplify policy and attribute requirements.

For more information about Access Sentinel and the importance of attributes in your authorization strategy, please read our latest whitepaper: 
