I’m a provisioning guy; it was the way I was raised in the world of identity management. And being a provisioning guy my take on how people are enabled to execute business transactions looks like this: Write a provisioning policy such as people in department 10 get LDAP group Q Enforce that policy – give [...]
Entries Tagged as 'fine-grained authorization'
by Ian Glazer | January 13, 2011 | 2 Comments
by Ian Glazer | May 13, 2009 | Comments Off
Ian Yip’s take on access management versus entitlement management can be partially summed up with this equation: Entitlement management is simply fine-grained authorisation + XACML I have four problems with this. First, definitions that include a protocol are worrisome as they can overly restrict the definition. For example, if I defined federation as authentication via SAML, [...]