Industrial Strength Access Control for Spring Applications
SpringOne Platform 2016

Speaker: Dariush Amiri; Senior Software Architect, GE Digital

Despite the plethora of open security standards and drafts, there is a dearth of comprehensive solutions that satisfy the requirements of RESTful access control in the industrial space. Standards like OAuth 2.0, geared towards consumer-facing applications, have gained wide support but only provide mechanisms for coarse-grained authorization. Newer standards like UMA build logical extensions to OAuth that allow for finer-grained access control but mention nothing about how to define policies and manage privileges. XACML-based solutions thrive in the enterprise but they are costly and have a steep learning curve. In this talk we will explore a novel solution to the problem of building access control for RESTful services in the industrial world.