Axiomatics Federal Inc., the leader in externalized fine-grained dynamic authorization, is pleased to announce the company’s flagship product, the Axiomatics Policy Server has been nominated to compete in the 2018 ‘ASTORS’ Homeland Security Awards Program.
The federal government is faced with a unique set of challenges that require a fine-grained approach to access control.
Attribute Based Access Control (ABAC) is becoming a dominant model in performing access control for Federal agencies.
(Externalized dynamic authorization from Axiomatics can help you protect your most critical assets. and promote information sharing enterprise-wide. Courtesy of Axiomatics and YouTube. Posted on Apr 26, 2017.)
CONTROL AND VISIBILITY IN A FEDERAL GOVERNMENT ECOSYSTEM
As the IT environment gets more complicated, agencies need a new approach to managing and changing complex access control models, often as part of digital modernization initiatives, and moving away from legacy role-based approaches.
The Axiomatics Policy Server is an independent solution which easily integrates with Identity and Access Management (IdAM) services from leading vendors in the space.
The rich APIs and advanced authorization services for all types of scenarios come combined with user-friendly interfaces for policy life-cycle management, service administration and monitoring.
Unmatched performance, cost savings and speed-to-market makes Axiomatics Policy Server the preferred choice for government agencies, radically simplifying implementation of an ABAC approach.
THE ABAC SHIFT
Security experts agree that ABAC is the future of identity and access management. But as with any great technological shift, there are obstacles to be overcome.
Axiomatics has learned from our customers that the greatest challenges they face in the shift to ABAC are of a non-technical nature.
Axiomatics Policy Server, with its graphical user interface for policy creation and editing, is designed to facilitate this transition by giving policy authors the power to represent policies graphically and policy administrators the means to verify and comment upon policies without the need for high levels of technical expertise.
Axiomatics Policy Server is a robust solution with several components working together seamlessly.
Clients send access requests to the server, which in turn grants or refuses access based on agency policies that administrators define using Axiomatics’ user-friendly policy authoring tools.
The authorization service may also consider context-related data retrieved from other sources.
There are three types of authorization service:
- Policy Decision Point (PDP): This primary service makes policy-based permit/deny decisions. It evaluates polices written in the XACML 3.0 language, a rich, standards-based policy language capable of handling any level of complexity.
- ARQ Raw: This service is used to compute the conditions that need to be satisfied to reach a desired authorization decision.
- ARQ SQL: This is a service that exposes ARQ Raw results as SQL SELECT statements
(See a brief overview, to learn the basics of ABAC and how to get started. Courtesy of Axiomatics and YouTube. Posted on Jul 27, 2015.)
HOW IT WORKS:
- Administrators use the services manager for centralized management and monitoring of deployed authorization services.
- For policy authors several policy editors are available for management of XACML 3.0 conformant authorization policies.
- Authorization services are grouped and deployed in different authorization domains. Services inside a domain share the same set of policies and configurations.
- Each domain can contain redundant instances of authorization services to meet high availability needs.
- APIs for the authorization services are used to connect enforcement points which control access to information in managed applications.
- Toolboxes and software development kits (SDKs) help integrators and developers connect the applications they want to protect to the authorization services.
- Connectors to external attribute sources can be used to allow the authorization service to consider a rich context of enterprise attributes in the evaluation of authorization policies.
The dynamic and fine-grained control provided by an ABAC model ensures that only authorized individuals can access sensitive data.
Digital policies, an integral part of ABAC, ensures that the applications in the enterprise are adhering to the security, regulatory, and business policies established by a federal agency.
The Axiomatics Policy Server (APS) is the purest implementation of ABAC on the market today, combining access control decision making with digital policy management.
APS is a market leader for two reasons. First, its designers deliberately engineered APS to be an abstract service layer for your enterprise.
By using its robust application programming interface (API), the service is highly decoupled from both the application and the data tiers.
This means that the authorization service needs no prior knowledge of who or what is requesting access to an object, or knowledge of the object being requested.
Second, APS uses open standards for communication between its internal and external nodes.
Axiomatics and APS were the first to be fully XACML 3.0 compliant.
XACML is the OASIS standard for an attribute-based access control policy language and architecture.
Taken together, these two unique features allow for APS to be loosely integrated into a Federal agency’s architecture.
Therefore, as technologies progress, expensive rip-and-replace technical refreshes are not required.
The authorization service, or it subscribers, can be updated and/or replaced without having to affect other components, particularly in models that have tightly-coupled Identity and Access Management (IdAM) components.
This level of service abstraction, which ultimately saves the Federal government time and money, is a trending model across the IdAM community.
The Axiomatics Policy Server, first released in 2008, was ten years ahead of its time.
(Go beyond identity based attributes to make fine grained access control decisions with Attribute Based Access Control (ABAC). Courtesy of Axiomatics and YouTube. Posted on Mar 2, 2018.)
- Changes in operational rules are made once and applied centrally rather than on each application
- Complete solution for enterprise rollout of Attribute-Based Access Control (ABAC)
- Real-time, dynamic authorization
- Grants or denies access to application features or database requests based on your agency’s rules of operation
- Context-aware, fine-grained access control:
- Cloud services
- Mobile Environments
- BYOD environments – Adapting access to applications and data as appropriate per end-point
- Industry standard policies
- Axiomatics Policy Server fully implements XACML 3.0
- Aligns to NIST SP 800-162
Axiomatics at a Glance
Axiomatics is the leading provider of fine-grained access control.
Axiomatics’ solutions are utilized by government agencies and Global Fortune 1000 companies around the world to enable digital transformation: share and safeguard sensitive information, meet compliance requirements, and minimize data fraud.
Axiomatics provides Attribute Based Access Control (ABAC) for applications, databases, Big Data, APIs and microservices.
Axiomatics Federal Inc. in the 2018 ‘ASTORS’ Homeland Security Awards Program
AST focuses on Homeland Security and Public Safety Breaking News, the Newest Initiatives and Hottest Technologies in Physical & IT Security, essential to meeting today’s growing security challenges.
The 2018 ‘ASTORS’ Homeland Security Awards Program, is organized to recognize the most distinguished vendors of Physical, IT, Port Security, Law Enforcement, Border Security, First Responders, (Fire, EMT, Military, Support Services Vets, SBA, Medical Tech) as well as the Federal, State, County and Municipal Government Agencies – to acknowledge their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’
As an ‘ASTORS’ competitor, Axiomatics Federal will be competing against the industry’s leading providers of Innovative Access Control & Authentication System Solutions.
To Learn More about the ‘ASTORS’ Homeland Security Awards Program, see 2017 ‘ASTORS’ Homeland Security Award Winners Honored at ISC East.
Over 100 distinguished guests from National, State and Local Governments, and Industry Leading Corporate Executives from companies allied to Government, gathered from across North America and the Middle East to be honored from disciplines across the Security Industry in their respective fields which included representatives from:
- The Department of Homeland Security (DHS) Science and Technology Directorate (S&T)
- U.S. Customs and Border Protection
- The Department of Justice
- The Security Exchange Commission
- State and Municipal Law Enforcement Agencies
- The Royal Canadian Mounted Police
- Leaders in Private Security