Entitlements, Roles and Groups in Identity Access Management

An article, posted about one month ago filed in roles, groups, technology & it.

Sometimes I get confused by terminology. And many of the marketing pages that reply to such queries don't really help. So I here is my simple breakdown of these terms in relation to each other.

Entitlements

Entitlements are Granular Permissions. Entitlements represent specific rights or privileges and are the building blocks of roles and can be assigned individually or as part of a role.

Example: An entitlement might be "Access to Premium Reports". This entitlement can be part of multiple roles, such as "Admin" or "Premium User".

Note that not always entitlements are explicitly exposed, and are roles used in downstream applications to determine the exact entitlements associated with a role. Enterprise applications do attempt to separate these, but there is a lot of additional administration associated with this, especially when applications are extended rapidly.

Roles

Can be considered a collection of entitlements, a higher-level abstraction that groups m…

Continue reading...

How to REST?

An article, posted about 5 years ago filed in rest, api, technology, computer, resource, manipulation, http, requests, post & delete.

Today I tried to explain REST (as in REpresentational State Transfer, not near sleep) to a manager and why some of the services deployed at the organization he was working for wasn't REST. While there isn't a formalized spec, there is a dissertation by the Roy Fielding, who came up with the REST-principles as a set of principles that guided him while shaping the HTTP 1.1 standard which only recently got a successor with version 2.0… REST is a set of principles/guidelines that are very stable & predictable. It is also very simple, and theirin lies both its strength, and the sometimes too loose application of its principles.

Apparently many developers didn't get 'the web' (HTTP) right, hence REST was developed as a basic set of principles to explain how HTTP is supposed to work. This is a list of my favourite parts, also based on some secondary resources.

Some key concepts.

REST is about …

Continue reading...

Foggy cloud

An article, posted more than 9 years ago filed in cloud, cloud computing, vps, obscurity, technology, words, newspeak, visible, invisible & design.

> Customer: "I want to have problem x to be solved by a new cloud product y, can you make this?"
> Engineer: "Yes, of course, I'm an engineer. I can make anything, just pay me and give me sufficient amount of time."
> C: "Sorry, time & money are finite…"
> E: "Ok, so I guess with cloud you mean your data should always accessible, right?"
> C: "Yeah"
> E: "Like a website?"

When talking about The Cloud we're talking about making things invisible. Yet the implications of the actual technology chosen, hidden by that same cloud, matters a lot to most customers: should the application be up and running all the time? Does it matter whether where the servers are physically located (because of data security & privacy concerns)? Don't make it too foggy with labelling stuff cloud-computing.

Image is my own, so the terms at the bottom apply to this pic as well

Continue reading...

HTML 5, cutting edge?

An article, posted more than 14 years ago filed in w3, html, html5, xhtml, canvas & technology.

I recently started my own business. Hence I am in need of a consistent style. That also includes a style for print. Since love the web, I thought I should use a proper CSS print template, instead of having a Word / OpenOffice Writer or whatever template. But print-quality CSS-print stylesheets? I had to go back to researching HTML and CSS again, something I gave up when standards more or less settled on CSS2 and XHTML1 and only browser vendors had to catch up with the standards. Roles have changed now, browser vendors like those behind Safari, Chrome, Firefox, Opera are pushing the standards to another level. But things are so chaotic! It seems we're going back to 1997, the year Internet Explorer 4 was released, pushing the limits of the standards way beyond what was possible at that time with cool effects, 3D plugins and more.

While the W3 consortium was working slo…

Continue reading...

Behaving like a consumer?

An article, posted about 15 years ago filed in technology, behaviour, buying, consumer, decision, making & nas.

About almost a year ago, I decided to buy a Network Attached Storage (NAS) device. A what? Well, a NAS is essentially a harddisk that is connected to a network (instead of connected directly to your computer). My experience with NAS'es, however, is not the primary reason for writing this post. I wanted to share with you my process of buying the NAS device.So what did I do?I made a list of interesting devices. Based on reviews, based on names I've heard, that matched my primary criterion: a dual hard drive solution (configurable as RAID 1 (two harddrives in one device, that are exact copies of each in case one disk fails)) with a network interface. As energy isn't free either (and a NAS is at least idle 24x7) and I'm not reckless when it comes down to the effects of energy consumption on our planet, I took energy consumption into account as well. Additionally, I had a few, secondary wishes, features, things that I would appreciate. The end score was made up …

Continue reading...

Thursday at the Next Web

An article, posted more than 15 years ago filed in web, design, technology, next, web2.0, the, google & trends.

My ticket was sponsored by The Bean Machine.In this post summaries of different talks at The Next Web. Read more about the future of search, what Google would do, what Andrew Keen is thinking about the read/write web, what Matt Mullenberg, of Worpress, thinks about how the web should work and finally how well Andrew Keen and Chris Sacca get along.Future of searchCool presentation. Moving towards the semantic web, but acknowledging that most of the data is still not as well structured as one would hope. Search however is just a way to get a problem solved, it should not be a goal in itself. Presenter is proposing that search engines should move into task completion assistants (interpretated, e.d.). Neat idea. Lack of real time search is ridiculized by Hermione, but real time isn't important for everything in this world of course. Want to check it out: sandbox.yahoo.com.What would google do?Decomposing Google to its essence, their business ethic/way of working….

Continue reading...

murb blog