

Steffen Bartsch

A good point: "your access control matrix is not code"

Why is that so? Why don't we have adapters on all those different levels, mapping to the same access control matrix? How hard would such a mapping be? What would it look like?

Of course, there is the whole XACML architecture. For large projects, XACML might be the right answer. But who is to read and understand or even write XACML policies? I'd say we'd need something that is easier to grasp for domain experts, not only security experts. Anything out there?
