Solving BYOD, building advanced websites, or launching an API requires access control to determined who should consume your data. To do this, centralized authorization is a must. Having the same access control system for employees, partners, and customers yields many benefits in terms of manageability and cost. Separating responsibilities for Security policy authoring and service implementation becomes crucial in large scale complex deployments.
Attribute Based Authorization
The Policy Servers using Attributes Based Authorization helps organizations determine what users are allowed to do.
It does this by enforcing access control rules that can be defined centrally and applied company-wide. To make this determination, each access control rule answers four questions:
Who is attempting the action?
What information is being accessed?
What action is being requested (e.g., read, write, delete, etc.)?
What context data is given (e.g., location, time of day, etc.)?