In my last few blogposts (here, here, and here), we’ve been talking about the best—and easiest!—way to upgrade to ABAC (attribute-based access control), using more flexible group definitions to create smarter authorization policies. And I told you that it’s possible to build these richer groups by leveraging more attributes. So that leaves one essential question—how..


In my most recent post, we looked at how today’s static groups are an essential building block in most policies used to “authorize” access to application resources. So when we talk about providing finer-grained authorization for an existing application, we are essentially talking about finding a better way to dispatch users to the different existing..


Last week, I posted about a syndrome I called “trapped in the future.” We often get stuck in this kind of future dreaming, because even if the target we want to achieve is great, the challenge of getting there seems so high. We tend to overplay the characteristics of the ideal solution, imagining the perfect..


Sometimes, I think we’re all trapped in the future. In a time when we depend so much on technology for our productivity, comfort, and security, we tend to be obsessed by what’s next. We’re surrounded by seers, futurists, and sometimes crooks who make a great living painting their vision of Tomorrow 2.0. Now, there’s nothing..


Last week, I introduced my favorite topic—digital context—and laid out a plan for how to consider the case. Today, we’ll dive in with a real-world example, looking at how freeing context from across application silos helps us make more considered, immediate, and relevant access control decisions. For those of you who have been following along..
