Authorization is the New Black for Infosec
Published Oct 20, 2010
Version 1.0Was this article helpful?
Can you expand APM? Do you mean F5 BIG-IP Access Policy Manager or some other solution?
And by F5 do you mean APM or ASM (Application Security Manager) or just plain old BIG-IP LTM? And are you wondering about authorization for F5 devices or for web applications? The latter we can do in a number of ways - applying context-aware policies to URIs can be accomplished by APM, ASM, and LTM + iRules) and for internal resources, FirePass can play along.
For the former we'd use the same tools (ASM, APM, or LTM+iRules) to constrain access to iControl by examining the SOAP envelope and headers to find out what API call is being made and then applying the proper authorization policies.
Lori