Monday Oct 13, 2008

OpenDS in under 3 minutes

Nick Wooler the product line manager for the directory services team has posted a screencast on installing OpenDS in under 3 minutes !!! This screencast is a must watch.




watch the simplicity of the entire installation process. It's simply awesome. The entire install including pre-populating OpenDS with 2000 simulated/sample entries was done in under 3 minutes in 5 extremely simple steps. (it takes longer to boil an egg)

User Experience DOES matter.


... and if you liked the soundtrack used in the screencast.. it's "Light & Day / Reach for the Sun" by The Polyphonic Spree feel free to download it from iTunes. (thanks shazam). And for pine-apples... here's the YouTube full length video (which is also under 3 minutes) :

Tuesday Jan 15, 2008

In the beginning there were GROUPS... and along came ROLES

Guess the one question I would continually be posed with whenever I interact with folks involved in Identity Management, is the usage of groups vs roles and the best practices for choosing one or the other. Well, hopefully the folks who keep searching for answers on this stumble on this blog and not ask me this over and over...

SO explanation: Once upon a time GROUPS was a convenient way to aggregate users. GROUPS were used to simplify the process of managing access permissions and generic attributes with a subset of users. To make management simpler, GROUPS could be made a subset of another GROUP and thus inherit permissions etc from it's parent. The ability to make GROUPS a subset of another facilitated a hierarchical structure. GROUPS is a simple aggregate.

and then.. along came ROLES.

So: A ROLE is a special type of GROUP. the properties of ROLES and GROUPS are extremely similar. But when GROUPS are used to OBJECT permissions, ROLES are used for APPLICATION permissions. ROLES provide a scemantic grouping of policies/permissions with a common subject which pertains to the users role(noun) - capacity, function, position, duty in an organization. A ROLE can enable one to associate policies with an automated component (ie: application). A ROLE is thus a SPECIAL GROUp where all the policies/permissions have the same subject.

Roles and further be categorized as FLAT ROLES, DYNAMIC ROLES etc... Flat ROLES are exactly the same as GROUPS in usage and behaviour.

Someday soon, when i get a moment to spare a thought again I shall try to blog on ROLES and their flavors in more detail.. Cheers for now.

About

for everything on Identity, JCAPS, SOA, WebServices, Security, Single Signon, Federation, Provisioning, Virtualization, Optimization, Debugging, Workflows, Compliance, MySQL and more... WAY MORE....

[this is a group blog]

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today