Authorization Externalization

Authorization Externalization

Alternative Forms

N/A

Definitions

Definition 1

Authorization Externalization is a software architectural design that consists in externalizing the authorization logic to a specialized and centralized system instead of implementing it within the application.

The key drivers for this architectural design are the reduction of the cost and complexity of software development and maintenance related to the authorization logic, and the improved scalability for application owners in consistently managing authorizations across numerous heterogeneous applications.

Authorization Externalization may be implemented by implementing a 3rd party authorization management system or custom development.

The following standards may facilitate Authorization Externalization:

Example sentences

Bob was developing business applications for Acme Inc. These applications were successful but every time a new application was developed, manual processes had to be setup to manage its authorizations. To reduce costs and improve security, Alice, the IAM Manager, acquired a 3rd party authorization management system and asked Bob to consume its API instead of embedding the authorization logic within the application.

Conceptual Diagram

Related Terms

Related Best Practices

Quotes

Externalizing authorization from applications

Many applications today are written with authorization logic built proprietarily into the application. This logic, often driven by sustainable ACL and RBAC policy models, is often not reusable between applications. Development teams are forced to reinvent the wheel and spend measurable time maintaining business authorization rules, rather than focusing their efforts on core application development. Additionally, accurate reporting can be a time-consuming task when IT governance teams are tasked with tracking down exactly what access an entity has at any given time across several siloed applications. This becomes a nightmare in the event of a security breach. How quickly can you react and assess the scope of the breach?

By leveraging XACML, developers can remove the authorization logic from their applications. Policies are centrally managed and can be modified based on business needs at runtime without any changes to application code.

(Blain, 2011, accessed 27 Jan 2021)

Number one is the goal to remove authorization processing from applications and implement it in a shared infrastructure service.

Bibliography

See Also


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.