directory-dev mailing list archives

From "Alex Karasulu" <akaras...@apache.org>
Subject [Triplesec] [AuthZ] Authorization Managers
Date Wed, 24 Oct 2007 17:51:19 GMT
Authorization Managers
----------------------------------

Medium to large scale application deployments within complex environments
occur often within the enterprise.  Several divisions, processes and
applications require the management of authorization policy for many groups
and identities.  Centralizing the access and administration of authorization
policy improves several aspects of management:

  o centralized policy stores enable a standard mechanism for representing
     and accessing policy information rather than having each application
     devise its own representation and backing store

  o policy backup and restoration operations are simplified when several
     instances of the same application or different applications use a
     centralized policy store

  o there is a reduced learning curve for administrators who use the same
     tools across applications to manage policy rather than having to learn
     how to use a specific tool for each application

  o policy audits are greatly simplified when a principal's policy across
     all applications resides in (what appears to be) a single centralized
     location

  o policy provisioning is also greatly simplified when policy information
     is centralized

  o advanced capabilities in the policy store like snapshotting and
     versioning can be extended to all applications leveraging the
     centralized store

  o the authority to manage policy across divisions and applications can be
     parceled out to different administrators when the policy store is
     centralized; this benefit is referred to as delegation of authority

  o additional policy enhancing services benefit all applications using a
     centralized policy service

Several products have emerged to centralize access to policy information.
These products usually come bundled with programming APIs, tools, and
adapters to integrate with common existing systems, which increases their
uptake and usability for an immediate return to customers investing in the
product.  Products of this type are often referred to as Authorization
Managers and usually they are included in a larger suite of services
composing an identity solution.

More glossary terms:

Delegation of Authority:
    The term given to the assignment of administrative operations to
    specific authorities within different jurisdictions to facilitate a
    division of management.

Authorization Manager:
    A class of products found in identity management suites which enables
    the centralized management of authorization policy across applications.

Alex
