The Entitlement Management System (EMS) is responsible for centrally managing, distributing and enforcing authorization policies throughout the organization and beyond.

Authorization is inherently difficult to centralize. The Entitlement Management System makes it possible to make authorization decisions at different levels as requests flow through the system.

Moving from a Role Based Access Control (RBAC) system to an Attribute Based Access Control (ABAC) system is possible once Identity Management is in place. Having an API Security Service is also helpful when deploying ABAC.

Role Based Access Control has limitations when used for large-scale API infrastructures, because operations are often hard to map against roles. This can lead to role explosion, and the role model becomes increasingly hard to maintain over time. The logic necessary to implement proper authorization rules becomes intricate and hard to test. ABAC addresses these problems by generalizing the authorization decision and by allowing authorization policies to be written and maintained out of band.
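The contrast described above, as an added example that is not part of the original page or of any EMS product: it counts the roles a role-per-combination RBAC model needs, then evaluates the same access rules as three ABAC rules held as data outside the code. The attribute names, the JSON policy format, the function names and the deny-overrides, default-deny combining are all assumptions made for illustration.

```python
import json
from itertools import product

# Constructed sample dimensions for an API estate (assumed, not from the page).
OPERATIONS = ["read", "write", "delete"]
DEPARTMENTS = ["billing", "support", "sales"]
REGIONS = ["eu", "us", "apac"]

def rbac_roles_needed():
    """RBAC: one role per (operation, department, region) combination."""
    return ["-".join(c) for c in product(OPERATIONS, DEPARTMENTS, REGIONS)]

# ABAC: rules are data maintained out of band (constructed inline JSON here).
POLICY_JSON = """[
 {"effect": "permit", "actions": ["read", "write"],
  "equal": [["subject.department", "resource.department"],
            ["subject.region", "resource.region"]]},
 {"effect": "permit", "actions": ["delete"],
  "equal": [["subject.department", "resource.department"],
            ["subject.region", "resource.region"],
            ["subject.clearance", "admin"]]},
 {"effect": "deny", "actions": ["read", "write", "delete"],
  "equal": [["subject.status", "suspended"]]}
]"""

def lookup(request, path):
    """Resolve a 'subject.region' style path; a missing attribute is None."""
    category, _, name = path.partition(".")
    return request.get(category, {}).get(name)

def rule_applies(rule, request):
    """A rule applies when the action is listed and every pair is equal."""
    if request["action"] not in rule["actions"]:
        return False
    for left, right in rule["equal"]:
        is_ref = right.startswith(("subject.", "resource."))
        expected = lookup(request, right) if is_ref else right
        actual = lookup(request, left)
        if actual is None or actual != expected:  # missing never matches
            return False
    return True

def decide(request, policy_json=POLICY_JSON):
    """Deny-overrides combining; no applicable permit means deny."""
    rules = json.loads(policy_json)
    effects = {r["effect"] for r in rules if rule_applies(r, request)}
    if "deny" in effects:
        return "deny"
    return "permit" if "permit" in effects else "deny"
```

Adding a fourth region grows the RBAC role list from 27 to 36 entries, while the ABAC policy text stays unchanged because it compares attributes instead of enumerating combinations.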

