Providing Fine-Grained Access Control in a Federated Security Environment
Whatever your current environment, Edmond’s Hybrid Authorization Control System (HACS) (Patent US9237159 B2) provides the additional capabilities your authorization environment needs to enforce fine-grained access control of resources and data. As a simple bridge or a pluggable extension into existing API managers or identity servers with extensible architecture, Edmond’s HACS allows you to restrict access to individual resources by federating SAML 2.0, OpenID Connect, OAuth, and WS-Federation through a Single Sign-On (SSO). Edmond’s HACS creates a continuous security fabric between these previously incompatible protocols and enables SSO through Active Directory or other means across or between enterprises and data stores for fine-grained access control. The HACS operates at runtime to provide real-time decisions for restricting or permitting individual access.
Functional features include the ability to:
- Bridge OAuth, SAML, OpenID Connect, UMA, and WS-Federation using existing COTS products, and replace the manual administration of access rights by administrators with computable policy processing.
- Provide the ability to enforce access control decisions and integrate access control policies between different architectures or protocols.
- Enable both Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC).
- Provide fine-grained access control based on policies stored in existing Policy Administration Points (PAPs).
- Simplify attribute-based policy management by providing Policy Managers with bidirectional communications with applications and ABAC features to edit or create policies.
- Integrate with existing COTS products for fine-grained authorization for FHIR, REST, or SOAP services.