Friday Aug 22, 2008

Ongoing Discussion: A provisioning-centric view of how enterprise applications do security

As an Identity Management practitioner, you are expected to thoroughly understand how dozens or maybe hundreds of different applications in your enterprise "do" security. You need to know each application well enough to mine it for existing permissions, create and manage roles containing its fine-grained permissions, provision users to it, structure attestation processes for it, and so on. This is no easy job. Each of your applications has its own security model and those models, some of which are decades old, can be... quirky. I've begun a project to document the internal security models of about fifty different enterprise systems, from LDAP to RACF to the Oracle eBusiness Suite. I'm going to share that information, one system at a time, on this blog. I won't be describing the entire internal security model of each application. Rather, I'll be describing the parts that we need to know in order to build a provisioning and role management system. I could really use your contribution. If you understand the security model of a popular or even not so popular enterprise software package, write it down and send it to me. I'll publish your work - and give you credit of course. Also, if you read something that I've written and see that I've got it wrong, use the comment form at the bottom of each post.[Read More]
About

Articles and thoughts, many far too long, relating to Identity Management.

Search

Top Tags
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today