
Progress Software

Progress Software. Identity Management 101. Sarah Marshall, OpenEdge QA Architect, May 2012. What is Identity Management? It is about protecting your data, about verifying and controlling who is accessing your data, and about minimizing where and when you verify who is accessing your data.



Presentation Transcript


  1. Progress Software: Identity Management 101. Sarah Marshall, OpenEdge QA Architect, May 2012

  2. What is Identity Management? About protecting your data. About verifying and controlling who is accessing your data. About minimizing where and when you verify who is accessing your data. And what happens if you're not authorized!

  3. Edna Mode

  4. Building blocks to IdM

  5. Building blocks to IdM
     • Authentication systems: Systems you will use (or are using) to maintain your list of users

  6. Building blocks to IdM
     • Domain configuration: Categories of users that have in common the data they can access
     • Authentication systems: Systems you will use (or are using) to maintain your list of users

  7. Building blocks to IdM
     • Authorization configuration: Configurations for individual users defining their access privileges
     • Domain configuration: Categories of users that have in common the data they can access
     • Authentication systems: Systems you will use (or are using) to maintain your list of users

  8. Building blocks to IdM
     • Architecture to support IdM: Single point of identity management for all systems
     • Authorization configuration: Configurations for individual users defining their access privileges
     • Domain configuration: Categories of users that have in common the data they can access
     • Authentication systems: Systems you will use (or are using) to maintain your list of users

  9. The CLIENT-PRINCIPAL
     • Built-in ABL security token:
         CREATE CLIENT-PRINCIPAL hCP
         hCP:INITIALIZE(...)
     • Set current identity in any session DB connection:
         SECURITY-POLICY:SET-CLIENT(hCP)
         SET-DB-CLIENT(<dbname>, hCP)
     • Created by the AVM if not created explicitly:
         SETUSERID(<userid>, <psswd>, <dbname>)
         cmd> $PROEXE -U <userid> -P <psswd>
     • Manage a user's login session:
         rCP = hCP:EXPORT-PRINCIPAL
         hCP:LOGOUT()

  10.–18. The Game Board (diagram, built up step by step across slides 10–18). Squares on the board: START, Login, Create C-P, Authentication (LDAP, User Account System), Logged in, Logout, Expired!, Game over, FINISH. Tiers shown on the board: Client, AS, C DB, AS DB, OE DB.

  19.–23. Authentication systems (the Game Board diagram from slides 10–18, with the authentication systems added in turn across slides 19–23): LDAP, Kerberos, OpenID. Slide 23 shows the database metaschema table _sec-authentication-system and the _Domain-type values: _oeusertable, _oslocal, _extsso, User Defined.

  24. Domain configuration What are domains?

  25. Domain configuration: Defining domains
     • Have roles and responsibilities in common
     • Have level of security in common
     • Have data access privileges in common
     Metaschema table _sec-authentication-domain, fields: _Domain-name, _Domain-type, _Domain-description, _Domain-access-code, _Domain-runtime-options, _Tenant-name

  26. Domain configuration: Using domains. The client uses the domains defined in a database: SECURITY-POLICY:LOAD-DOMAINS(DB1)
     1. Each database can use its own domain registry
     2. Each database can share the session's registry
     (Diagram: Client connected to OE DB1, OE DB2, OE DB3, OE DB4)

  27. Authorization configuration: User permissions
     • Authorization for individuals
     • Table and field level permissions: CAN-* fields
     • Runtime permission: CAN-DO() function, e.g. CAN-DO("*.Admin")
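The token lifecycle from slide 9, the domain registry from slides 25 and 26 and the CAN-DO check from slide 27, written out as one ABL program. This is an added example, not code from the deck or from Progress. The domain name "Sales", the user "jsmith", the logical database name "sports", the access-code placeholder and the CAN-DO list are all assumptions, and the SET-DB-CLIENT argument order follows the ABL reference (handle first) rather than the abbreviated form on slide 9; check both against your OpenEdge version.

```abl
/* Added example (not from the deck): register a domain, create and seal a
   CLIENT-PRINCIPAL, set it on the session and a DB connection, hand it to
   another tier as RAW, validate the seal before trusting it, run a CAN-DO
   check, and log out. All names and values below are assumptions. */

DEFINE VARIABLE hCP     AS HANDLE    NO-UNDO.
DEFINE VARIABLE hServer AS HANDLE    NO-UNDO.
DEFINE VARIABLE rToken  AS RAW       NO-UNDO.
DEFINE VARIABLE cCode   AS CHARACTER NO-UNDO
    INITIAL "REPLACE-WITH-DOMAIN-ACCESS-CODE".   /* placeholder; never hard-code a real one */

/* 1. Domain configuration (slides 25-26). The domain is registered in the
      session registry here; a production session would instead call
      SECURITY-POLICY:LOAD-DOMAINS("sports") to read _sec-authentication-domain.
      LOCK-REGISTRATION freezes the registry for the rest of the session. */
IF NOT SECURITY-POLICY:REGISTER-DOMAIN("Sales", cCode, "_oeusertable", "Sales staff") THEN
    RETURN ERROR "Could not register domain".
SECURITY-POLICY:LOCK-REGISTRATION().

/* 2. Create the token (slide 9). The expiration time is the "Expired!"
      square on the game board: the login ends after one hour. */
CREATE CLIENT-PRINCIPAL hCP.
hCP:INITIALIZE("jsmith", "sess-0001", ADD-INTERVAL(NOW, 1, "hours")).
hCP:DOMAIN-NAME = "Sales".

/* 3. Seal with the domain access code. Only a sealed token is accepted as
      an identity, so a failure here must stop the login. */
IF NOT hCP:SEAL(cCode) THEN DO:
    MESSAGE "Seal failed, login state:" hCP:LOGIN-STATE.
    DELETE OBJECT hCP.
    RETURN ERROR "Seal failed".
END.

/* 4. Set the current identity for the ABL session and for one DB connection. */
IF NOT SECURITY-POLICY:SET-CLIENT(hCP) THEN
    RETURN ERROR "SET-CLIENT rejected the token".
IF NOT SET-DB-CLIENT(hCP, "sports") THEN
    RETURN ERROR "SET-DB-CLIENT rejected the token".

/* 5. Pass the token to another tier (for example an AppServer call) as RAW,
      then import it on the receiving side. The receiver validates the seal
      before it trusts the user ID, domain or anything else in the token. */
rToken = hCP:EXPORT-PRINCIPAL().

CREATE CLIENT-PRINCIPAL hServer.
IF NOT hServer:IMPORT-PRINCIPAL(rToken) OR NOT hServer:VALIDATE-SEAL(cCode) THEN DO:
    MESSAGE "Rejected token for" hServer:QUALIFIED-USER-ID.
    DELETE OBJECT hServer.
    RETURN ERROR "Invalid token".
END.

/* 6. Authorization (slide 27): runtime permission check on the qualified
      user ID (user@domain). The list is constructed; the trailing "!*"
      denies everyone who is not explicitly listed. */
IF CAN-DO("jsmith@Sales,!*", hServer:QUALIFIED-USER-ID) THEN
    MESSAGE "Authorized:" hServer:QUALIFIED-USER-ID.
ELSE
    MESSAGE "Denied:" hServer:QUALIFIED-USER-ID.

/* 7. Logout ends the login session; the token is no longer usable. */
hCP:LOGOUT().
DELETE OBJECT hServer.
DELETE OBJECT hCP.
```

The point worth taking from the program is the order in step 5: the seal is validated with the registered domain access code before any field of the imported token is used, which is what keeps a CLIENT-PRINCIPAL received from another tier from being a self-asserted identity.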

  28. The Game Board (diagram repeated from slides 10–18).

  29. Architecture to support IdM: Security Token Service (diagram: User Credentials, Security Token Service, Create C-P, Authentication against User Account System / LDAP; AS and C DB tiers). The Security Token Service:
     • takes login information
     • runs authentication plug-in
     • seals CLIENT-PRINCIPAL
     • makes it available to the application

  30. Architecture to support IdM: Security Token Service (the Game Board diagram, with the Login square now handled by the Security Token Service; labels: START, Logged in, Expired!, Logout, Game over, FINISH, Client, AS, C DB, AS DB, OE DB).

  31.–38. Architecture to support IdM: Anatomy of an STS (diagram, built up step by step across slides 31–38). Components shown: ABL Clients, Open Clients, Adapter Clients; Login; AppServer (AS) and database (DB) tiers; the STS holding Credentials, Domains and CCID (CCID = Client Context Identifier); Audit Trail; OpenEdge Session; authentication providers LDAP, _User, OpenID, OE DB, TBD (…).

  39. Building blocks to IdM (recap)
     • Architecture to support IdM: Single point of identity management for all systems
     • Authorization configuration: Configurations for individual users defining their access privileges
     • Domain configuration: Categories of users that have in common the data they can access
     • Authentication systems: Systems you will use (or are using) to maintain your list of users