Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Authorization Framework.

from [Yuri Demchenko] Network Security [Permanent Link]
Subject: Re: Authorization Framework.
Date: Mon, 24 Jan 2005 21:50:03 +0100
Babu Kopparam wrote: 

I am working for product company which own around 80 products.
My role is to provide security framework to all the teams.

I have proposed RBAC (referring NIST's specification) as the suitable
solution for Authorization.

I want to know if my selection is right OR is there any other widely
used method.

Can you provide some links to gather more information about the same.

Hi Babu,

Your choice is right. But just saying RBAC doesn't solve the problem nor propose real technical solution.

However, if you look at XACML as almost generic RBAC implementation and SAML as another component of the AuthZ infrastructure, it would be closer to practical solutions.

This document may be interesting for you:

Using SAML and XACML for Authorisation assertions and messaging: SAML
and XACML standards overview and usage examples.
http://www.uazone.org/demch/analytic/draft-authz-xacml-saml-01.pdf

Look also for other AuthZ and policy related papers at my homepage
http://www.uazone.org/demch/worksinprogress.html

Regards,

Yuri

Thanks in advance,
-Babu.


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: (secure email) Proposal to anti-phishing, Eric McCarty
Next by Date:  RE: Proposal to anti-phishing, Adler Eliacin
Previous by Thread:  Re: Authorization Framework., "D. HÃhn"
Next by Thread:  OWASP Meeting Tues 1/25 (6PM in Columbia MD), Jeff Williams
Indexes:  [Date] [Thread] [Top] [All Lists]