OpenPMF centrally stores policy models that are automatically turned into technical access control and audit rules, which are then consistently enforced for all applications which are protected by an OpenPMF policy enforcement point (PEP).
Yes. See Supported Technologies for details. We can also enhance OpenPMF to cover any particular other technologies you need to enforce security policies for.
Save time and money: Security professionals focus on security without the need to be application experts. Application professionals focus on the application without the need to be security experts. OpenPMF automatically generates & updates application security policies for them. Security & development are separated, but linked via OpenPMF’s policy automation. Adopt security easily & flexibly: [...]
SOA is often designed with dynamic change (agility) and reuse in mind. SOA is also often built using web applications. OpenPMF can automate policy generation, enforcement, and update for such application landscapes in such a way that technical security enforcement rules can be automatically updated whenever the interactions between web applications change. Without OpenPMF, security [...]
See Supported Technologies.
See Supported Technologies. OpenPMF supports more technologies than any other authorization management product in the market.
OpenPMF policies can either be default security policy model templates, or tailor-made security policy models . Default policy model templates includes policies such as “only allow the interactions the application developer has programmed; deny and log everything else”, or “only allow access to SOA services based on the sequence of the BPM workflow used to [...]
Configure intuitive business security requirements Generate matching technical security policies automatically Enforce technical security policies transparently Audit technical security policies transparently Update technical security policies automatically
OpenPMF is a whitelisting technology, i.e. it explicitly allows good accesses and denies everything else. This approach is more reliable than blacklisting, which explicitly blocks known bad accesses but allows everything else. Using conventional methods, whitelisting is hard because many rules have to be manually written – OpenPMF solves that challenge with its unique policy [...]
OpenPMF mainly focuses on application security policies for access control and auditing. This is called “authorization management”, and is a critical part of today’s application security strategy.