Fine-grained authorisation solutions are critical for creating and enforcing access security policies thus verifying that an authenticated subject has permission to perform certain operations or access specific applications or resources.
Traditionally authorisation controls are implemented in each application which then creates complexities and the number of applications increases.
The emerging global trend is to manage authorisation externally to the individual applications or systems. By providing a single location for all authorisation policies, the systems become much easier to manage and audit, whilst offering scalability and simplicity benefits.
The standardized framework for building such systems is XACMLv3 as specified by the OASIS model. XACMLv3 offers an XML and SOA based mechanism for externalising authorization using attribute-based access controls.
Our partner product - ViewDS Access Sentinel is a unique approach to authorisation policy management, being built on the ViewDS Directory Server. This enables third-party applications to externalise their access control decisions based on an integrated core identity repository. Based on XACML v3.0, it provides a policy-based access control solution making applications faster, easier, and safer to use.
A further architectural benefit for large enterprises is that corporate authorization policies can be centrally managed and replicated to other geographies, and in addition authorisation policies can be created and managed by those distributed locations.