
Integrating Applications with the Directory

Andrea Beesing, CIT/Integration and Delivery, June 25, 2002


Presentation Transcript


  1. Integrating Applications with the Directory
     Andrea Beesing, CIT/Integration and Delivery
     June 25, 2002

  2. Authentication/Authorization/Access
     • Authentication
       • What: Verifying the identity of the user
       • How: Kerberos
     • Authorization
       • What: Verifying user has authority to run application or business process
       • How: Permit Server/Application (current) → Directory (future)
     • Access (to Data)
       • What: Determining data user can manipulate/view with the application or business process
       • How: Application-specific

  3. Directory for Authorization – How
     • Directory has a “Group” object which holds a membership list
     • Need to map each role to one or more groups
     • Application simply queries directory (via LDAP) as to groups user is a member of to learn what roles a user has

  4. Directory for Authorization – Benefits
     • Streamlines the maintenance of application security across campus
     • Associating a person with a role or group is done once, not within each application
     • Simplifies task of removing access when an individual changes status

  5. Best Practices to Start With
     • Keep it simple
     • Use directory to define membership
     • Data access rules defined within application
     • Begin with definition of global groups/roles (student, staff, faculty, payrep)
     • Avoid proprietary schemas

  6. Issues
     • Directory must be more fully populated
     • How is membership in groups/roles maintained
       • Driven from central system
       • Determined by local unit
     • To what extent can it be automated?
     • Can a generic distributed application be designed for memberships that require manual maintenance?

  7. Big Issue – The NetID Question
     • What about people who don’t qualify for NetIDs?
     • What is “legitimizing” ID for inclusion in the directory?
       • NetID
       • PeopleSoft EmplID
       • Guest or temporary (“dirty”) ID

  8. Driver is HR/Payroll/Alumni Affairs suite of Applications
     • This suite includes
       • PeopleSoft HR/Payroll/Contributor Relations
       • Actuate, Brio
       • Colts, Kronos, PEDL, SES, EE
       • CU Connect
     • PeopleSoft 8, Actuate and Brio allow mapping of roles to directory groups

  9. Getting Started
     • Admin units must agree on definitions of global groups and roles
     • Admin units must agree on how membership in groups and roles is maintained
     • Technical team must work with developers and security administrators to help them understand how each application interfaces with the directory
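
The lookup described on slide 3, and the single-point removal of access from slide 4, as an added example that is not part of the original presentation. The directory suffix, user IDs, role names and the standard groupOfNames/member schema are assumptions, and the in-memory dictionary stands in for the LDAP server.

```python
# Added example: roles derived from directory group membership.
# Every DN, user ID and role name below is constructed for illustration.
BASE = "dc=example,dc=edu"  # assumed directory suffix

# Stand-in for the directory's Group objects: group DN -> member DNs.
DIRECTORY_GROUPS = {
    f"cn=staff,ou=groups,{BASE}": {f"uid=ab12,ou=people,{BASE}",
                                   f"uid=cd34,ou=people,{BASE}"},
    f"cn=payrep,ou=groups,{BASE}": {f"uid=ab12,ou=people,{BASE}"},
    f"cn=student,ou=groups,{BASE}": {f"uid=ef56,ou=people,{BASE}"},
}

# Hypothetical application config: each role maps to one or more groups.
ROLE_TO_GROUPS = {
    "self-service": {f"cn=staff,ou=groups,{BASE}", f"cn=student,ou=groups,{BASE}"},
    "timesheet-approver": {f"cn=payrep,ou=groups,{BASE}"},
}


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves so input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def membership_filter(user_dn):
    """Filter an application would send to ask which groups list this user.
    Assumes the standard groupOfNames/member schema, not a proprietary one."""
    return "(&(objectClass=groupOfNames)(member=%s))" % escape_filter_value(user_dn)


def groups_of(user_dn, directory):
    """In-memory equivalent of running membership_filter() against the directory."""
    wanted = user_dn.strip().lower()
    return {dn for dn, members in directory.items()
            if wanted in {m.lower() for m in members}}


def roles_for(user_dn, directory=DIRECTORY_GROUPS, role_map=ROLE_TO_GROUPS):
    """Roles whose mapped groups include the user; an empty set means no access."""
    held = groups_of(user_dn, directory)
    return {role for role, groups in role_map.items() if groups & held}


if __name__ == "__main__":
    user = f"uid=ab12,ou=people,{BASE}"
    print(membership_filter(user))
    print(sorted(roles_for(user)))
```

Because the application holds only the role-to-group map, removing a person from a group in the directory withdraws the role in every application that consults it.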
