Externalizing Fine-grained Authorization from Applications
By B Shashikumar on Aug 01, 2011
In a recent article published by Sys-Con, Marc Chanliau from Oracle highlighted the mechanics and benefits of externalizing fine-grained authorization policies from applications.
While URL-based coarse-grained authorization can be enforced using conventional web access management solutions, fine-grained authorization decisions are typically enforced at application run-time. For instance, if access to confidential data (such as a user's Social Security Number) is granted to a user only if that user meets certain conditions, then those checks are typically performed at run-time. This led to complexity in building security for applications. It also led to security policies evolving jointly with application logic, which negatively impacted developer productivity. In this article, Marc Chanliau explores the need to externalize authorization from applications and then delves into the mechanics of externalizing authorization policies using Entitlement Servers.
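The contrast described above, sketched as an added example that is not taken from the article or from Oracle Entitlements Server: the same Social Security Number check written once as a condition embedded in application code and once as a call to an external decision point. The policy format, the DecisionPoint class, and all attribute and field names are assumptions made for illustration.

```python
import json

# Constructed policy document. It lives outside the application (file, policy
# store) and can change without a code release. The format is an assumption.
POLICY_JSON = """[
  {"resource": "employee.ssn", "action": "read", "effect": "permit",
   "when": {"role": "hr_specialist", "same_department": true, "mfa": true}},
  {"resource": "employee.name", "action": "read", "effect": "permit", "when": {}}
]"""

# Constructed sample data.
RECORD = {"name": "A. Example", "ssn": "000-00-0000", "department": "finance"}
HR_USER = {"id": "u1", "role": "hr_specialist", "department": "finance", "mfa": True}
DEV_USER = {"id": "u2", "role": "developer", "department": "finance", "mfa": True}

def embedded_can_read_ssn(user, record):
    """Before: the policy is hard-coded, so policy changes are code changes."""
    return (user["role"] == "hr_specialist"
            and user["department"] == record["department"]
            and user["mfa"])

class DecisionPoint:
    """Hypothetical decision point: evaluates external rules, denies by default."""
    def __init__(self, policy_text):
        self.rules = json.loads(policy_text)

    def is_permitted(self, user, action, resource, record):
        # Attributes a rule may test, derived from the request context.
        facts = {"role": user.get("role"),
                 "mfa": user.get("mfa", False),
                 "same_department": user.get("department") == record.get("department")}
        for rule in self.rules:
            if (rule["resource"], rule["action"]) != (resource, action):
                continue
            # An unknown condition key never matches, so the rule fails closed.
            if all(facts.get(k) == v for k, v in rule["when"].items()):
                return rule["effect"] == "permit"
        return False  # no matching rule: deny

def read_field(pdp, user, record, field):
    """After: the application only enforces the decision it is handed."""
    if not pdp.is_permitted(user, "read", "employee." + field, record):
        raise PermissionError(f"{user['id']} may not read {field}")
    return record[field]

if __name__ == "__main__":
    pdp = DecisionPoint(POLICY_JSON)
    print(read_field(pdp, HR_USER, RECORD, "ssn"))
```

Replacing POLICY_JSON with a stricter document changes who can read the field while read_field and the rest of the application stay untouched.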
Here’s a link to the complete article.
If you’d like to learn more about externalizing authorization from applications, check out the replay of our recent webcast on Oracle Entitlements Server 11g. We also have two additional webcasts coming up which explore the declarative security paradigm and its business benefits.