|
Home > Archive > Apache Directory Project > October 2007 > [Triplesec] [AuthZ] Authorization Managers
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
[Triplesec] [AuthZ] Authorization Managers
|
|
| Alex Karasulu 2007-10-24, 1:11 pm |
| Authorization Managers
----------------------------------
Medium to large scale application deployments within complex environments
occur
often within the enterprise. Several divisions, processes and applications
require
the management of authorization policy for many groups and identities.
Centralizing
the access and administration of authorization policy improves several
aspects of
management:
o centralized policy stores enable a standard mechanism for representing
and accessing policy information rather than having each application
devise it's own representation and backing store
o policy backup and restoration operations are simplified when several
instances of the same application or different applications use a
centralized
policy store
o there is a reduced learning curve for administrators who use the same
tools
across applications to manage policy rather than having to learn how to
use
a specific tool for a each application
o policy audits are greatly simplified when a principal's policy across
all
applications resides in (what appears to be) a single centralized
location
o policy provisioning is also greatly simplified when policy information
is
centralized
o advanced capabilities in the policy store like snapshoting and
versioning
can be extended to all applications leveraging the centralized store
o the authority to manage policy across divisions and applications can be
parceled out to different administrators when the policy store is
centralized;
this is benefit is referred to as delegation of authority
o additional policy enhancing services benefit all applications using a
centralized
policy service
Several products have emerged to centralize access to policy information.
These
products usually come bundled with programing APIs, tools, and adapters to
integrate
with common existing systems which increases their uptake, and usability for
an
immediate return to customers investing in the product. Products of this
type, are
often referred to as Authorization Managers and usually they are included in
a larger
suite of services composing an identity solution.
More glossary terms:
Delegation of Authority:
The term given to the assignment of administrative operations to
specific authorities within
different jurisdictions to facilitate a division of management.
Authorization Manager:
A class of products found in identity management suites which enables
the centralized
management of authorization policy across applications.
Alex
| |
| David Jencks 2007-10-30, 7:11 pm |
|
On Oct 24, 2007, at 10:51 AM, Alex Karasulu wrote:
> Authorization Managers
> ----------------------------------
>
> Medium to large scale application deployments within complex
> environments occur
> often within the enterprise. Several divisions, processes and
> applications require
> the management of authorization policy for many groups and
> identities. Centralizing
> the access and administration of authorization policy improves
> several aspects of
> management:
>
> o centralized policy stores enable a standard mechanism for
> representing
> and accessing policy information rather than having each
> application
> devise it's own representation and backing store
>
> o policy backup and restoration operations are simplified when
> several
> instances of the same application or different applications
> use a centralized
> policy store
>
> o there is a reduced learning curve for administrators who use
> the same tools
> across applications to manage policy rather than having to
> learn how to use
> a specific tool for a each application
>
> o policy audits are greatly simplified when a principal's policy
> across all
> applications resides in (what appears to be) a single
> centralized location
>
> o policy provisioning is also greatly simplified when policy
> information is
> centralized
>
> o advanced capabilities in the policy store like snapshoting and
> versioning
> can be extended to all applications leveraging the centralized
> store
>
> o the authority to manage policy across divisions and
> applications can be
> parceled out to different administrators when the policy store
> is centralized;
> this is benefit is referred to as delegation of authority
>
> o additional policy enhancing services benefit all applications
> using a centralized
> policy service
>
> Several products have emerged to centralize access to policy
> information. These
> products usually come bundled with programing APIs, tools, and
> adapters to integrate
> with common existing systems which increases their uptake, and
> usability for an
> immediate return to customers investing in the product. Products
> of this type, are
> often referred to as Authorization Managers and usually they are
> included in a larger
> suite of services composing an identity solution.
>
> More glossary terms:
>
> Delegation of Authority:
> The term given to the assignment of administrative operations
> to specific authorities within
> different jurisdictions to facilitate a division of management.
>
I don't disagree with this, but wonder if this is an authorization
question for users of the authorization manager application itself?
> Authorization Manager:
> A class of products found in identity management suites which
> enables the centralized
> management of authorization policy across applications.
>
I like this description of authorization managers.
thanks
david jencks
> Alex
|
|
|
|
|