Information Security - Neil Readshaw
Neil Readshaw 270001X752 firstname.lastname@example.org Tags:  tivoli-security-policy-ma... pcty tspm pcty-nordic microsoft-sharepoint security pulse 671 Visits
In a couple of days I fly to Copenhagen to attend and speak at the Nordic version of Tivoli's Pulse Comes to You customer event. As well as meeting with specific customers, I am looking forward to reprising the "Heterogeneous Identity and Access Management for Microsoft Office SharePoint Server" presentation that Nataraj Nagaratnam and myself developed for the global Pulse event. As in Vegas, I'll be demo'ing some advanced capabilities that integrate Tivoli Security Policy Manager and Microsoft SharePoint for fine-grained application entitlements.
If you'll be at Pulse Nordic, stop by and say hej/hei/hallo/g'day.
Neil Readshaw 270001X752 email@example.com Tags:  authorization tivoli-access-manager tspm tameb security-policy-managemen... tivoli-security-policy-ma... authorization-policy-desi... tam 1 Comment 1,298 Visits
I've worked with Tivoli Access Manager (TAM) for a long time (through three product name changes and two company name changes at least) and have been getting into Tivoli Security Policy Manager (TSPM) over the last year or so. One of the things that I have become more aware of is the different thought process I go through to design authorization policies with these two products. I wouldn't say that I have developed a migration procedure or anything like that just yet. However, I did want to write down a few notes on the approach I take and how I neutralize the TAM bias currently in my brain.
Firstly, here is a recap on writing TAM authorization policies:
TSPM authorization policies, making some indirect comparisons to TAM authorization policies, have these highlights:
When it comes time to construct policies in TSPM, I try to keep these things at front of mind:
Then, I (think I) go through a process like this. For each role (including the special 'all authenticated' and 'everyone' roles)
I hope you found that useful. Now then, if you've played with TSPM or other XACML based products, how do you approach policy authoring?