Authorization is the New Black for Infosec

Authentication is not enough. Authorization is a must for all integrated services – whether infrastructure components, applications, or management frameworks. If you’ve gone through the proce...

Published Oct 20, 2010

Version 1.0

dynamic infrastructure

iControl

infrastructure

Lori_MacVittie

Employee

Joined October 17, 2006

View Profile

Lori_MacVittie1

Nimbostratus

Oct 21, 2010

Juan,

Can you expand APM? Do you mean F5 BIG-IP Access Policy Manager or some other solution?

And by F5 do you mean APM or ASM (Application Security Manager) or just plain old BIG-IP LTM? And are you wondering about authorization for F5 devices or for web applications? The latter we can do in a number of ways - applying context-aware policies to URIs can be accomplished by APM, ASM, and LTM + iRules) and for internal resources, FirePass can play along.

For the former we'd use the same tools (ASM, APM, or LTM+iRules) to constrain access to iControl by examining the SOAP envelope and headers to find out what API call is being made and then applying the proper authorization policies.

Lori

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Authorization is the New Black for Infosec

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS