Authorization Services: Claims and Role-Based Access Control for Enterprise Wide Security
Copyright © 2010. Dot Net Workflow is a trademark of The Dot Net Factory, LLC. | www.TheDotNetFactory.com

Security Challenges
Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. | www.TheDotNetFactory.com
  • It should be easier to get access to the IT resources I need to work
  • I want to delegate management but not lose control
  • How can we report on who has access to what across all our systems

The “Make Like Bob” Problem: Security Based On a Moving Target
[Diagram labels: Day 1; Year 2; Year N; New Access Granted; Who are you?; Person; Bob, “Sales Executive”; AD User: CMH OU X; LDAP User; Payroll & Unix User; Protected Resources; SharePoint (multiple sites and roles); PO Approver; Custom Applications; CRM; Send As; Full Access; Sales Share; Conference Room 5401; New Hire: Jim, “Sales Executive”; New Hire: Sarah, “Sales Executive”.]

The Challenge with an AD Groups-only Approach
[Diagram labels: Who are you?; Person; John’s User Accounts; Groups; Helpdesk I; Helpdesk Manager; What can you access, when, and why?; No Reportable or Auditable Link; Access Granted; Protected Resources; SharePoint (multiple sites and roles); PO Approver; Custom Applications; Mailbox; Send As John; Full Access; Shared Mailbox; Conference Room 5401.]

Protected Resource Types: EmpowerID Is an Open Box System Supporting an Unlimited # of Resource Types
[Diagram labels: Types of Protected Resources; Custom Applications; Windows Servers; SAP; Microsoft SharePoint; Groups; Web Resources; Mailboxes; Permissions Management =]
Dot Net Workflow is an authorization platform that can be extended to support any type of application and application resource. Protected systems containing resources are called “Resource Systems”. EmpowerID modules inventory Resource Systems and enforce permissions.
Copyright © 2011. empowerID is a trademark of The Dot Net Factory, LLC. | www.TheDotNetFactory.com

Protected Resource Objects: Each Resource Type Is a Rich Strongly Typed Object That Flows in Processes
Dot Net Workflow leverages strongly typed objects to enable drag-and-drop process design where objects can be passed between workflow steps and processes in a code-free manner and bound to forms as live data.

Resource Types Define Rights and Operations: Rights are External Permissions and Operations are EmpowerID Actions
Operations: Operations are specific tasks a user may perform or approve within an EmpowerID workflow or custom application. Granting EmpowerID Operations does not grant the user any capabilities within the native system.
Rights: Rights are native permissions used by the application or operating system owning the resource. Granting rights enables capabilities in that system. Rights are continually monitored and enforced by EmpowerID.
Example: Exchange Mailbox
Example Mailbox Operations:
  • Decrease Quota
  • Edit SMTP
  • Enable OWA
  • Enable Calendar Auto-Accept
  • Edit Forwarding
  • Grant Send As
  • Grant Send On Behalf
Example Mailbox Rights:
  • Send As
  • Send On Behalf
  • Full Access

Resource Roles (Application Roles): Logical Bundles of Rights and Operations
[Diagram labels: Rights; Operations; Resource Role Definition.]

  • 31. Send As. Outlook Full Control. Resource Roles are convenient bundles of Rights and Operations specific to a type of resource and are used for delegation. Rights are permissions used in an external system that can be managed by EmpowerID. Operations are code-based actions protected by EmpowerID (usually in workflows).
  • 32. The Bottom Line: Access = Person  Resource Roles. All Assignment Types Result in Matching a Person to a Resource Role. [Diagram labels: Resource: John Doe’s Mailbox; Person: Steve Smith; Via Any Possible Assignment Path; Editor; Administrator; Outlook Full Control.] All permissions management in EmpowerID occurs by some type of assignment that results in a Person being granted a Resource Role for a Resource.
  • 33. The Measure of an RBAC System is its Flexibility in Obtaining Collections of People and Collections of Resources. [Diagram labels: Left Side = People; Right Side = Resources; Resource Role.] The key is how to assign the proper people to the proper Resource Roles without creating and managing large numbers of static assignments.
  • 35. Right Side: Collections of Resources. Resource Roles are Assigned to Single Resources or By Location. [Diagram labels: Actor (Any Actor Type); Resource Role: Editor, Administrator; Collection of Resources: “Scope”; Direct to a Single Resource; By Location with Inheritance.] Resource Role assignments are limited or “scoped” by assigning the Resource Role only for a single Resource or for all Resources in or below a specific EmpowerID Location.
  • 36. Locations: Represent Logical and Actual Resource System Hierarchies. [Diagram labels: Physical “Resource System” Trees; Logical Trees; Inheritance of Delegations; Location of a Resource.] The Dot Net Workflow metadirectory supports both Logical and Physical trees within a single Location tree structure. Resources belong to their physical Location implicitly and can be assigned to any number of logical Locations to scope delegation assignments.
  • 39. RBAC Mapping: Map Physical Directory Locations to Logical Locations. Business Role and Location mappings allow existing physical directory Locations and roles to be mapped to a logical management structure, e.g. multiple AD or LDAP directory containers for “London” can be visually mapped to a single virtual “London” Location for unified management and delegation.
  • 40. Management Role Inheritance: Management Roles inherit Resource Roles assigned to their definitions. [Diagram labels: IT Helpdesk (Management Role Definition); Management Roles (Children): IT Helpdesk (North America), IT Helpdesk (Asia), IT Helpdesk (Europe).] Management Roles inherit Resource Role assignments from their definition and then include any assignments to the Management Role itself. The inheritance can only be 1 level deep from a definition to a Management Role. Management Roles cannot be children of other Management Roles or have more than 1 parent.
  • 42. Viewer: Distribution Group @ %SpecifyLocation%
  • 49. Membership Manager: Distribution Group @ %SpecifyLocation%
  • 50. Administrator: User Accounts @ %SpecifyLocation%
  • 51. Administrator: Computers @ %SpecifyLocation%
  • 57. Membership Manager: All Employees Group
  • 61. … IT Helpdesk. Management Roles are job or responsibility-based bundles of Resource Roles to allow quick and consistent delegation of IT access needed to perform job responsibilities.
  • 63. Viewer: Distribution Group @ NA Location and below
  • 66. Member: All NA Employees Group
  • 69. Membership Manager: Distribution Group @ NA Location and below
  • 70. Administrator: User Accounts @ NA Location and below
  • 71. Administrator: Computers @ NA Location and below
  • 74. Member: All NA Employees Group
  • 75. Membership Manager: All NA Employees Group
  • 79. … IT Helpdesk (North America). Management Roles are job or responsibility-based bundles of Resource Roles and Resource Type Roles to allow quick and consistent delegation of IT access needed to perform job responsibilities.
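
The assignment model described in the slides above (a Person is matched to a Resource Role for a Resource, scoped directly or by Location with inheritance, with Management Roles inheriting one level from their definition) can be resolved and reported as follows. This is an added Python example, not EmpowerID code: the Location tree, people, resources, and all class and function names are constructed for illustration, and the role lists are taken from the two IT Helpdesk slides.

```python
from dataclasses import dataclass
from typing import Optional

SPECIFY_LOCATION = "%SpecifyLocation%"  # placeholder shown in the slide's role definition

# Constructed Location tree (child -> parent).
LOCATION_PARENT = {"World": None, "NA": "World", "NA/Columbus": "NA",
                   "Europe": "World", "Europe/London": "Europe"}


def in_or_below(location, scope):
    """True when `location` is `scope` or a descendant; unknown names fail closed."""
    while location is not None:
        if location == scope:
            return True
        location = LOCATION_PARENT.get(location)
    return False


@dataclass(frozen=True)
class Resource:
    name: str
    rtype: str
    location: str


@dataclass(frozen=True)
class Grant:
    """A Resource Role scoped to one Resource, or to a type at a Location and below."""
    role: str
    rtype: Optional[str] = None
    scope: Optional[str] = None
    resource: Optional[str] = None

    def covers(self, res):
        if self.resource is not None:
            return res.name == self.resource
        return res.rtype == self.rtype and in_or_below(res.location, self.scope)

    def label(self):
        if self.resource is not None:
            return f"{self.role}: {self.resource}"
        return f"{self.role}: {self.rtype} @ {self.scope} and below"


# Management Role Definition, as listed on the "IT Helpdesk" slide.
DEFINITIONS = {
    "IT Helpdesk": [
        Grant("Viewer", "Distribution Group", SPECIFY_LOCATION),
        Grant("Membership Manager", "Distribution Group", SPECIFY_LOCATION),
        Grant("Administrator", "User Accounts", SPECIFY_LOCATION),
        Grant("Administrator", "Computers", SPECIFY_LOCATION),
        Grant("Membership Manager", resource="All Employees Group"),
    ],
}


@dataclass(frozen=True)
class ManagementRole:
    name: str
    definition: str   # exactly one parent, and it is a definition, never another role
    location: str     # value substituted for %SpecifyLocation%
    own_grants: tuple = ()

    def effective_grants(self):
        """Yield (grant, source): inherited from the definition, then the role's own."""
        for g in DEFINITIONS[self.definition]:
            if g.scope == SPECIFY_LOCATION:
                g = Grant(g.role, g.rtype, self.location)
            yield g, f"{self.name} <- definition '{self.definition}'"
        for g in self.own_grants:
            yield g, f"{self.name} (own assignment)"


MANAGEMENT_ROLES = {
    "IT Helpdesk (North America)": ManagementRole(
        "IT Helpdesk (North America)", "IT Helpdesk", "NA",
        (Grant("Member", resource="All NA Employees Group"),
         Grant("Membership Manager", resource="All NA Employees Group"))),
}

# Constructed people: one via a Management Role, one via a direct assignment.
PERSON_ROLES = {"jim": ["IT Helpdesk (North America)"]}
PERSON_DIRECT = {"steve.smith": [Grant("Editor", resource="John Doe's Mailbox")]}


def explain_access(person, res):
    """Return sorted (resource_role, assignment_path) pairs; empty means no access."""
    found = []
    for g in PERSON_DIRECT.get(person, []):
        if g.covers(res):
            found.append((g.role, f"direct assignment [{g.label()}]"))
    for role_name in PERSON_ROLES.get(person, []):
        for g, source in MANAGEMENT_ROLES[role_name].effective_grants():
            if g.covers(res):
                found.append((g.role, f"{source} [{g.label()}]"))
    return sorted(found)


def access_report(resources):
    """Who holds which Resource Role on what, and through which assignment path."""
    people = sorted(set(PERSON_ROLES) | set(PERSON_DIRECT))
    return [(p, r.name, role, path)
            for r in resources for p in people
            for role, path in explain_access(p, r)]


if __name__ == "__main__":
    sample = [Resource("sarah.account", "User Accounts", "NA/Columbus"),
              Resource("John Doe's Mailbox", "Mailbox", "NA")]
    for row in access_report(sample):
        print(row)
```

Every row of the report carries the assignment path, which is the reportable link between a person and a permission that the groups-only slide says is missing.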