Ian Glazer

A member of the Gartner Blog Network

Entries Tagged as 'fga'


A chronic identity pain

by Ian Glazer  |  January 13, 2011  |  2 Comments

I’m a provisioning guy; it was the way I was raised in the world of identity management. And being a provisioning guy my take on how people are enabled to execute business transactions looks like this: Write a provisioning policy such as people in department 10 get LDAP group Q Enforce that policy – give [...]

2 Comments »

Category: Provisioning     Tags: , , , , , , ,

Attributes and relationships: Federated ABAC

by Ian Glazer  |  July 20, 2010  |  8 Comments

Yesterday, I delivered the keynote to a federated attribute-based access control (ABAC) symposium. For those of you keeping score at home this is the 3rd of *BAC approaches for authorizing individuals. The 1st *BAC, IBAC – identity-based access control – was essentially so trivial that it never got any good marketing*. The 2nd, RBAC – [...]

8 Comments »

Category: Identity Management Market     Tags: , , , , ,

Identity Management 2010 Market Profile

by Ian Glazer  |  May 18, 2010  |  Comments Off

After much effort, our Identity Management Market Profile 2010 has shipped. For those of you not familiar with Burton Group market profiles, we take a market, apply our patent-pending compression algorithm, and crush the market down to 20 or so pages. Now as you can imagine, squishing a multi-billion dollar market down to a handful [...]

Comments Off

Category: Identity Management Market     Tags: , , , , , , ,

Nailing Down the Definition of “Entitlement Management”

by Ian Glazer  |  May 13, 2009  |  Comments Off

Ian Yip’s take on access management versus entitlement management can be partially summed up with this equation: Entitlement management is simply fine-grained authorisation + XACML I have four problems with this. First, definitions that include a protocol are worrisome as they can overly restrict the definition. For example, if I defined federation as authentication via SAML, [...]

Comments Off

Category: Identity and Access Governance     Tags: , , ,