The introductory course provides a comprehensive overview of XACML-based Entitlement Management. It covers the basic concepts of the XACML standard and its different versions, including the current 3.0 draft. The goal of the course is to give attendees a good understanding of XACML as a policy language and to help them envisage what new possibilities can be gained from using XACML.
The course is designed for IT-security managers and implementers who want a crash-course in XACML to assess its potential for their enterprise and applications.
The topics covered include:
- The history of and the drivers behind the XACML standard
- The basic architecture of an XACML-based entitlement management solution
- Externalizing access control in relation to applications and services
- How attribute-based access control supersedes earlier access control mechanisms such as RBAC
- Basing access control decisions on attributes describing the subject, resource, action and environment
- How fine-grained access control can be achieved and why it is required
- How context-aware authorization schemes can be implemented
- The structure of XACML policies
- How XACML policies are evaluated and resolved
- Examples of SOA scenarios including a business case for XACML
- XACML and SAML