Enterprise Architecture Practitioners Conference, The Open Group
  André Koot, Security Manager, Univé, Netherlands  


André Koot is Security Manager at a large Dutch insurance company and is responsible for strategic security policy and security architecture. He has been involved in information security for 15 years and is the chief editor of the Dutch magazine Informatiebeveiliging ("Information Security"), published by PvIB, the Dutch society of security professionals.

   
 


Presentation

Claims Based Access Control

Traditionally, Role Based Access Control (RBAC) is seen as a solution for realizing authorization for users in complex environments. In SOA environments, traditional RBAC is no longer feasible as an access control mechanism.

The user context is separated from the business services in the backoffice systems, which limits the ability of those systems to verify a user's authorization. Moreover, business services are designed to be used in multiple contexts, which renders direct user authorization meaningless.

In order to comply with laws and regulations, a new authorization paradigm is necessary. A claims based approach allows attributes of both the service requester and the context to be combined. In the presentation we will show the problems of traditional RBAC in a SOA and present a possible solution using Identity 2.0 features and standards such as SAML.

Audience:
SOA architects, security architects, people interested in the effects of Web 2.0 and new business models

Key takeaways:
1. Outside the box thinking about access management
2. Agile approach to security
3. Practical aspects of Identity 2.0
