Authorization bestpractices

•Transferir como PPTX, PDF•

2 gostaram•27,726 visualizações

http://anil-identity.blogspot.com/2013/05/access-control-best-practices.html has the best practices for access control/authorization.

Tecnologia Negócios

Authorization/Access Control
Best Practices
Anil Saldhana
anil@apache.org

“Authentication is FINITE whereas
Authorization is INFINITE”.
- Anil Saldhana

Best Practice 1
• Know that you will need access
control/authorization

Best Practice 2
• Externalize the access control policy
processing

Best Practice 3
• Understand the difference between Coarse
Grained and Fine Grained Authorization

Best Practice 4
• Design for coarse grained authorization but
keep the design flexible for fine grained
authorization

Best Practice 5
• Know the difference between Access Control
Lists (ACL) and Access Control Standards
– ACL are proprietary
– Standards include OASIS XACML and IETF OAuth2

Best Practice 6
• Adopt Rule Based Access Control: view access
control as Rules and Attributes

Best Practice 7
• Adopt REST Style architecture when your
situation demands scale and hence adopt
REST Authorization Standards

Best Practice 8
• Understand the difference between
Enforcement vs Entitlements model

Greater Depth
• Visit http://anil-
identity.blogspot.com/2013/05/access-
control-best-practices.html

Mais conteúdo relacionado

Destaque

Securing Applications With Picketlink

Securing Applications With Picketlink

Securing Applications With Picketlink

Saml vs Oauth : Which one should I use?

Saml vs Oauth : Which one should I use?

Saml vs Oauth : Which one should I use?

Mule security - saml

Mule security - saml

Mule security - saml

BriForum 2013 Chicago - Citrix Troubleshooting - Denis Gundarev

BriForum 2013 Chicago - Citrix Troubleshooting - Denis Gundarev

BriForum 2013 Chicago - Citrix Troubleshooting - Denis Gundarev

The concept of cloud identity in higher education was recognized in November 2009 with the EDUCAUSE Catalyst Award, which honors IT-based innovations that provide groundbreaking solutions to major challenges in higher education. But what is cloud identity? The gist is that cloud identity enables a person's "user" information to be distributed on the Internet. This solves a common problem: the need to maintain a username at every website. In this paradigm shift, identity information is not stored within each website, but accessed on the wire as needed. Websites become "relying parties" (RPs) using the information of trusted "identity providers" (IdPs). Although it has taken a while, finally the recipe for federated identity seems clear.

Cloud Identity: A Recipe for Higher Education

Cloud Identity: A Recipe for Higher Education

Cloud Identity: A Recipe for Higher Education

RSA Europe: Future of Cloud Identity

RSA Europe: Future of Cloud Identity

RSA Europe: Future of Cloud Identity

DaaS/IaaS Forum Moscow - Chris Rogers

DaaS/IaaS Forum Moscow - Chris Rogers

DaaS/IaaS Forum Moscow - Chris Rogers

Briforum 2011 Chicago

Briforum 2011 Chicago

Briforum 2011 Chicago

DaaS/IaaS Forum Moscow - Najat Messaoud

DaaS/IaaS Forum Moscow - Najat Messaoud

DaaS/IaaS Forum Moscow - Najat Messaoud

The Tools I Use

The Tools I Use

The Tools I Use

It’s an age old problem: how do you prove your identity? It’s the reason governments started issuing id cards. Since the advent of the Internet, identification has gotten even harder. To a website, you are a stream of electrons. Before you can transact business, the website needs to associate that stream of electrons with a person--a piece of meat. 80% of the Internet's security breaches have been traced back to bad passwords, but until recently, anything better than passwords meant expensive hardware tokens, or complex digital certificates. Luckily, authentication is experiencing a renaissance. New technologies have made it easier, more secure, and even less expensive to authenticate a person. Authentication is the front door to your network service. What device does the person have in their hands? Is your website or mobile app for customers or employees? The slides from this SXSW 2014 presentation will help you understand your options, and how to use authentication for competitive advantage.

Who Are You? From Meat to Electrons - SXSW 2014

Who Are You? From Meat to Electrons - SXSW 2014

Who Are You? From Meat to Electrons - SXSW 2014

RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5

RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5

RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5

ID Next 2013 Keynote Slides by Mike Schwartz

ID Next 2013 Keynote Slides by Mike Schwartz

ID Next 2013 Keynote Slides by Mike Schwartz

DaaS/IaaS Forum Moscow - Ivo Murris

DaaS/IaaS Forum Moscow - Ivo Murris

DaaS/IaaS Forum Moscow - Ivo Murris

Citrix Internals: Tracing, Debugging & Troubleshooting

Citrix Internals: Tracing, Debugging & Troubleshooting

Citrix Internals: Tracing, Debugging & Troubleshooting

RUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-V

RUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-V

RUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-V

Clickjacking DevCon2011

Clickjacking DevCon2011

Clickjacking DevCon2011

Increased trust in an online identity = increased mitigation of the risk of fraud. As an enterprise interacts with a person via the Internet, it may be prudent, for certain transactions, to have more evidence of that person’s identity. Web Access Management systems include some proprietary features to force “stepped-up authentication.” But luckily, new OAuth2 profiles like UMA and OpenID Connect offer a standards based approach to achieve inter-domain trust elevation. This slideshows includes a high level overview of the Enterprise UMA use case and some of the useful OpenID Connect features that can be leveraged to create centralized authentication policies.

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...

How to Fail at VDI

How to Fail at VDI

How to Fail at VDI

Destaque (19)

Securing Applications With Picketlink

Securing Applications With Picketlink

Securing Applications With Picketlink

Saml vs Oauth : Which one should I use?

Saml vs Oauth : Which one should I use?

Saml vs Oauth : Which one should I use?

Mule security - saml

Mule security - saml

Mule security - saml

BriForum 2013 Chicago - Citrix Troubleshooting - Denis Gundarev

BriForum 2013 Chicago - Citrix Troubleshooting - Denis Gundarev

BriForum 2013 Chicago - Citrix Troubleshooting - Denis Gundarev

Cloud Identity: A Recipe for Higher Education

Cloud Identity: A Recipe for Higher Education

Cloud Identity: A Recipe for Higher Education

RSA Europe: Future of Cloud Identity

RSA Europe: Future of Cloud Identity

RSA Europe: Future of Cloud Identity

DaaS/IaaS Forum Moscow - Chris Rogers

DaaS/IaaS Forum Moscow - Chris Rogers

DaaS/IaaS Forum Moscow - Chris Rogers

Briforum 2011 Chicago

Briforum 2011 Chicago

Briforum 2011 Chicago

DaaS/IaaS Forum Moscow - Najat Messaoud

DaaS/IaaS Forum Moscow - Najat Messaoud

DaaS/IaaS Forum Moscow - Najat Messaoud

The Tools I Use

The Tools I Use

The Tools I Use

Who Are You? From Meat to Electrons - SXSW 2014

Who Are You? From Meat to Electrons - SXSW 2014

Who Are You? From Meat to Electrons - SXSW 2014

RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5

RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5

RUCUG: 9. Sergey Khalyapin: Представляем XenDesktop 5

ID Next 2013 Keynote Slides by Mike Schwartz

ID Next 2013 Keynote Slides by Mike Schwartz

ID Next 2013 Keynote Slides by Mike Schwartz

DaaS/IaaS Forum Moscow - Ivo Murris

DaaS/IaaS Forum Moscow - Ivo Murris

DaaS/IaaS Forum Moscow - Ivo Murris

Citrix Internals: Tracing, Debugging & Troubleshooting

Citrix Internals: Tracing, Debugging & Troubleshooting

Citrix Internals: Tracing, Debugging & Troubleshooting

RUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-V

RUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-V

RUCUG: 6. Fabian Kienle - NetScaler and Branch Repeater for Hyper-V

Clickjacking DevCon2011

Clickjacking DevCon2011

Clickjacking DevCon2011

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...

How to Fail at VDI

How to Fail at VDI

How to Fail at VDI

Último

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Handwritten Text Recognition for manuscripts and early printed texts

Handwritten Text Recognition for manuscripts and early printed texts

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Tech Trends Report 2024 Future Today Institute.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Developing An App To Navigate The Roads of Brazil

Developing An App To Navigate The Roads of Brazil

Developing An App To Navigate The Roads of Brazil

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Real Time Object Detection Using Open CV

Real Time Object Detection Using Open CV

Real Time Object Detection Using Open CV

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Finology Group – Insurtech Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Último (20)

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Handwritten Text Recognition for manuscripts and early printed texts

Handwritten Text Recognition for manuscripts and early printed texts

Handwritten Text Recognition for manuscripts and early printed texts

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Tech Trends Report 2024 Future Today Institute.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Developing An App To Navigate The Roads of Brazil

Developing An App To Navigate The Roads of Brazil

Developing An App To Navigate The Roads of Brazil

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Real Time Object Detection Using Open CV

Real Time Object Detection Using Open CV

Real Time Object Detection Using Open CV

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Finology Group – Insurtech Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Authorization bestpractices

1. Authorization/Access Control Best Practices Anil Saldhana anil@apache.org

2. “Authentication is FINITE whereas Authorization is INFINITE”. - Anil Saldhana

3. Best Practice 1 • Know that you will need access control/authorization

4. Best Practice 2 • Externalize the access control policy processing

5. Best Practice 3 • Understand the difference between Coarse Grained and Fine Grained Authorization

6. Best Practice 4 • Design for coarse grained authorization but keep the design flexible for fine grained authorization

7. Best Practice 5 • Know the difference between Access Control Lists (ACL) and Access Control Standards – ACL are proprietary – Standards include OASIS XACML and IETF OAuth2

8. Best Practice 6 • Adopt Rule Based Access Control: view access control as Rules and Attributes

9. Best Practice 7 • Adopt REST Style architecture when your situation demands scale and hence adopt REST Authorization Standards

10. Best Practice 8 • Understand the difference between Enforcement vs Entitlements model

11. Greater Depth • Visit http://anil- identity.blogspot.com/2013/05/access- control-best-practices.html