There are a number of initiatives in the industry related to access control and policy management, such as IETF, DMTF, and OASIS. Each of them produces specifications for policy and has corresponding industry support groups. Architects and developers are sometimes confused about whether these efforts are related or competing. For example, suppose a telecommunication service provider wants to build a generic policy engine for determining the security policy for service-on-demand home network services and network infrastructure services. IETF (http://www.ietf.org/html.charters/policy-charter.html) and DMTF (http://www.wbemsolutions.com/tutorials/CIM/dmtf-policies.html) have produced policy specifications. The Parlay Group (http://www.parlay.org/about/policy_management/index.asp) has also issued a framework specification on policy management, which is targeted at implementing security services and access-control policies in the telecommunications sector. Which policy management specification should the telecommunication service provider choose? This section summarizes each policy management specification and discusses how they are related.
It is important for security architects and developers to understand that although these standards and industry groups share the same term “policy,” they use the term to denote different meanings. The term “policy” may refer to specific data formats, protocols, operational semantics, or logical architectural framework components. For example, many policy frameworks (such as the IETF policy framework) specify operational components such as Policy Enforcement Point (PEP), Policy Decision Point (PDP), Policy Issuing Point (PIP), and Attribute Authorities. These policy operational components are not necessarily restricted to security access control; they can be applied to general business services as well. There are also specific data flows between these architectural components. These architectural components are logical rather than physical: they are agnostic to the specific infrastructure on which they are deployed.
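As an added illustration (not from the book or from any of the standards it names), the following Python toy shows the logical separation between a PEP that intercepts and enforces, a PDP that only decides, and an Attribute Authority that supplies subject attributes, with one security access-control rule and one plain business-service rule evaluated by the same engine. The class names, rule format and subscriber data are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# Attribute Authority: source of record for subject attributes (constructed data).
ATTRIBUTE_AUTHORITY = {
    "alice": {"role": "subscriber", "plan": "premium"},
    "bob": {"role": "subscriber", "plan": "basic"},
}

@dataclass
class Rule:
    service: str
    action: str
    condition: Callable[[Dict[str, str]], bool]  # predicate over subject attributes
    effect: str  # "permit" or "deny"

# One security access-control rule and one plain business-service rule: the
# same engine serves both kinds of decision, as the text notes.
RULES: List[Rule] = [
    Rule("video-on-demand", "start", lambda a: a["plan"] == "premium", "permit"),
    Rule("bandwidth-boost", "request", lambda a: a["role"] == "subscriber", "permit"),
]

class PDP:
    """Policy Decision Point: decides, never enforces. Deny is the default."""
    def __init__(self, rules: List[Rule], authority: Dict[str, Dict[str, str]]):
        self.rules, self.authority = rules, authority
    def decide(self, subject: str, service: str, action: str) -> str:
        attrs = self.authority.get(subject)
        if attrs is None:
            return "deny"  # fail closed when the attribute source has no record
        for rule in self.rules:
            if rule.service == service and rule.action == action and rule.condition(attrs):
                return rule.effect
        return "deny"  # no matching rule: default deny

class PEP:
    """Policy Enforcement Point: intercepts the request, asks the PDP, enforces."""
    def __init__(self, pdp: PDP):
        self.pdp, self.audit = pdp, []  # audit trail of every decision taken
    def handle(self, subject: str, service: str, action: str) -> bool:
        decision = self.pdp.decide(subject, service, action)
        self.audit.append((subject, service, action, decision))
        return decision == "permit"

def demo() -> list:
    pep = PEP(PDP(RULES, ATTRIBUTE_AUTHORITY))
    for req in [("alice", "video-on-demand", "start"), ("bob", "video-on-demand", "start"),
                ("bob", "bandwidth-boost", "request"), ("mallory", "bandwidth-boost", "request")]:
        pep.handle(*req)
    return pep.audit
```

Because the PDP is a separate component, the same decision logic could be hosted on a different node from the PEP without changing either side's interface.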