Industrial Strength Access Control for Spring Applications — Dariush Amiri, GE Digital
Slides: http://www.slideshare.net/Pivotal/industrial-strength-access-control-for-spring-applications Despite the plethora of open security standards and drafts, there is a dearth of comprehensive solutions that satisfy the requirements of RESTful access control in the industrial space. Standards like OAuth 2.0, geared towards consumer-facing applications, have gained wide support but only provide mechanisms for coarse-grained authorization. Newer standards like UMA build logical extensions to OAuth that allow for finer-grained access control but mention nothing about how to define policies and manage privileges. XACML-based solutions thrive in the enterprise but they are costly and have a steep learning curve. In this talk we will explore a novel solution to the problem of building access control for RESTful services in the industrial world. Speaker: Dariush Amiri, GE Digital