Do we really need identity propagation in SOA and Clouds?

2012 IT developers and, especially IT Security specialists struggled for years trying to create an identity control at the enterprise level. The most known initiative and model in this area is Single Sign On (SSO) where an identity of an end-user can be propagated between systems and can be recognized across an enterprise. In today‚Äôs […]

Entitlement to Data

J2EE Journal, 2008 The requirements for different user-facing applications frequently say something like: “User has to see/read/be shown only funds/records/itineraries/policies he or she is entitled to.” Permissions in these cases usually depend on multiple factors related to the user profile (job role, locale, etc.), to the protected data (data origin, storage, approval status, etc.), or […]

Dealing with Architectural Security

J2EE Journal   OCTOBER 15, 2005 10:30 AM EDT READS: 32,681        Application architects have heard about the increased importance of security, but in many cases they really don’t know how to approach this issue. In this article, I’ll share my experience and define a few basic steps and checkpoints for building application architecture with […]