Knowing if the right people have the right access to the right things, under the right conditions, is very tricky.
The well-established products in the area of Runtime Authorization to support modelling policies follow a model and language that are very complex and difficult to use, resulting in policies that are chaotic and complex, thus hard to write, manage and analyse.
A UK company has developed a solution - a novel Runtime Authorization (sometimes called Dynamic Authorization) software tool, that centralises and models fine-grained access control (aka authorisation) policies, defining “who” has access to “what” sensitive resources in an organisation and under “which” conditions that access applies, taking into account time, location, and other session/context-relevant runtime information. (The tool sits in a niche area of the Identity & Access Management domain, itself a branch of cybersecurity.)
The UK company's product uses a new access control model that is category-based to simplify the administration and analysis of access policies from the ground-up. It also uses ML-powered suggestions to automatically generate and suggest improvements to access policies, thus efficiently optimising organisational security.
The product provides the simplest and most efficient method for writing and managing fine-grained access policies, which tend to be complex and chaotic. Specifying and understanding that the right people have access to the right things under the right conditions is simplified beyond all existing products.
They are seeking both researchers and end-users to help define the technical requirements and test the prototype respectively, via technical cooperation agreements. The researchers may be in industry or academia and be working with AI (artificial intelligence)/ML techniques or applications, and the end-user companies could be in a range of sectors but should have fine-grained access policies needing a runtime authorization tool.