March 25, 2019 – Apache Roadshow

The Anatomy of a Secure Java Web App Using Apache Fortress

Shawn McKinney to speak at Apache Roadshow

Join Symas Software Architect, Shawn McKinney, as he presents on Apache Fortress at Apache Roadshow. Click to learn more. This talk describes how to design end-to-end...

Adding Contextual Information to the RBAC Decision

We don’t have to throw the baby out with the bathwater. RBAC has many good aspects that we’d like to preserve. It’s standards-based, meaning various implementations should interoperate. It works, and is already in place, pretty much everywhere. But we’d like to be able to sprinkle in a bit of context, allowing us to fix the role explosion problem, without breaking its interoperability, or bringing in another implementation, with yet another protocol.

Who put ABAC in my RBAC?

Readers know that Attribute-based Access Control (ABAC) is a bit of an obsession with me. It stems from the want to have something like an ABAC system in my little bag of tricks. An authorization engine that scales to everyday usage, without proprietary, bloated or cumbersome baggage to weigh it down.