Saturday, August 26, 2006
XACML and Fine Grained Entitlements
I have managed to stump both industry analysts and thought leaders in the XACML space by asking them one simple question...
At work, we are doing a POC with several vendors in the entitlements space and XACML is a key component in their approach. We spent a week explaining our model in terms of narrative and it still hasn't fully been digested. When asked how others communicate their authorization models in terms of pictures, no answer emerged.
It seems as if everyone can describe it in terms of a conversation but no one has ever figured out exactly how to draw a real-world authorization model with all of its complexities in a single diagram.
I searched google where the conversation seems to be on process and methodology but not architecture. Likewise, there are many models for how vendors should design their products but nothing of use to the enterprise. Even in reading the methodology stuff, guys such as Sena Systems always assume forward engineering via use-cases. What if an enterprise already has a model? How do vendors methodologies in this space handle reverse engineering?
Of course we can find blockatecture, data flow, and infrastructure level views but none of these tell how our authorization model actually works. Figured that I would ask the blogosphere for assistance in helping me identify how to draw a single diagram in this space.
Thoughts?
| | View blog reactionsAt work, we are doing a POC with several vendors in the entitlements space and XACML is a key component in their approach. We spent a week explaining our model in terms of narrative and it still hasn't fully been digested. When asked how others communicate their authorization models in terms of pictures, no answer emerged.
It seems as if everyone can describe it in terms of a conversation but no one has ever figured out exactly how to draw a real-world authorization model with all of its complexities in a single diagram.
I searched google where the conversation seems to be on process and methodology but not architecture. Likewise, there are many models for how vendors should design their products but nothing of use to the enterprise. Even in reading the methodology stuff, guys such as Sena Systems always assume forward engineering via use-cases. What if an enterprise already has a model? How do vendors methodologies in this space handle reverse engineering?
Of course we can find blockatecture, data flow, and infrastructure level views but none of these tell how our authorization model actually works. Figured that I would ask the blogosphere for assistance in helping me identify how to draw a single diagram in this space.
Thoughts?
