Ongoing Discussion: A provisioning-centric view of how enterprise applications do security

As an Identity Management practitioner, you are expected to thoroughly understand how dozens or maybe hundreds of different applications in your enterprise "do" security. You need to know each application well enough to mine it for existing permissions, create and manage roles containing its fine-grained permissions, provision users to it, structure attestation processes for it, and so on. This is no easy job. Each of your applications has its own security model and those models, some of which are decades old, can be... quirky.

I've begun a project to document the internal security models of about fifty different enterprise systems, from LDAP to RACF to the Oracle eBusiness Suite. I'm going to share that information, one system at a time, on this blog. I won't be describing the entire internal security model of each application. Rather, I'll be describing the parts that we need to know in order to build a provisioning and role management system.

I could really use your contribution. If you understand the security model of a popular or even not so popular enterprise software package, write it down and send it to me. I'll publish your work - and give you credit of course. Also, if you read something that I've written and see that I've got it wrong, use the comment form at the bottom of each post.

Below is a list of the systems that will be analyzed and documented here. If you know how one of these systems handles users, user rights (whether groups, roles, or ACIs), and user provisioning, send me an email at jeff.shukis at oracle.com.

The List:
AIX
BMC Remedy
Computer Associates ACF2
HP OpenVMS
HP-UX
IBM DB
IBM Tivoli Access Manager
iPlanet LDAP
JD Edwards EnterpriseOne
LDAP V3
Lotus Domino
Lotus Notes
Microsoft AD
Microsoft ADAM
Microsoft Exchange 2003
Microsoft Exchange 2007
Microsoft Windows
mySQL
Netscape LDAP
Novell eDirectory
Novell Groupwise
Novell NDS
Oracle Internet Directory
Oracle Identity Manager
Oracle DB
Oracle EBS
OS/400
PeopleSoft
RACF
RACF LDAP
Red Hat LDAP
Red Hat Linux
RSA Access Manager
RSA Authentication Manager
RSA ClearTrust
SAML
SAP
SPML
SQLServer 2000
SQLServer 2005
SQLServer 6.5
SQLServer 7
Sun LDAP V5
Sun LDAP V6
Sybase DB
Top Secret
XACML
