IISIS Redesign Architecture Java Re-implementation Security Framework 911 Bridge
Architecture • Web server cluster • Use of HA Linux for load balancing and failover monitoring
Architecture • Low cost proof-of-concept environment • Can be built for under $2000 • Targeted for municipalities on a budget • Fault tolerant and scalable
Java Re-implementation • Current code base is in Perl, leveraging the Catalyst Framework (i.e., the Perl counterpart of Ruby on Rails or Struts). • A lightweight Java container such as Spring allows for a fully transparent design and better separation of concerns. • Full transparency to data layer through Hibernate. A small municipality on MySQL will have the same data services as a regional center utilizing Oracle. • Java design makes use of Dependency Injection to enable true encapsulation of modules as services. • Java is more secure for packaging and deploying commercially.
Security Framework • Problems with traditional Role Based Access Control (RBAC) • User must be assigned roles that contain their permissions. • In practice, roles rarely encompass all of a user's required permissions.
Security Framework • The solution – a robust provisioning model • Break the paradigm by allowing permissions to be assigned directly to a user • Allow roles to be assigned to other roles to better describe subsets of permissions
Security Framework • Additional features • Domain based provisioning and trusts • Internal to Domain • External to Domain
Security Framework • Arbitrary attributes tied to a user-permission combination, regardless of whether the permission is assigned directly or via a role
Security Framework • Default attributes are stored independent of user-permission. Only utilize additional storage when attribute value differs from default. • Can restrict attributes to a pre-defined list of values. • Permissions are self-administering via a shadow permission. • Shadow permission attributes determine what a given administrator is able to do with a permission (assign, delegate admin, edit and/or view attributes) • Attributes enable other features such as time based permission assignment.
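A sketch of the provisioning model from the Security Framework slides, added here as an illustration and not taken from the IISIS code base: permissions assigned directly or through roles nested in roles, attributes that fall back to a default and use storage only when they differ, restriction to a pre-defined value list, and time based assignment. It is written in Python for brevity; the class, the method names, the "expires" attribute and all sample data are assumptions.

```python
from datetime import datetime

class Provisioning:
    def __init__(self):
        self.user_perms, self.user_roles = {}, {}  # direct grants; role membership
        self.role_perms, self.role_roles = {}, {}  # role contents; roles nested in roles
        self.defaults, self.allowed, self.overrides = {}, {}, {}  # attribute storage

    def expand(self, role, seen):  # role's permissions incl. nested roles, cycle-safe
        if role in seen:
            return set()
        seen.add(role)
        perms = set(self.role_perms.get(role, ()))
        for child in self.role_roles.get(role, ()):
            perms |= self.expand(child, seen)
        return perms

    def permissions(self, user):
        perms = set(self.user_perms.get(user, ()))  # assigned directly to the user
        for role in self.user_roles.get(user, ()):
            perms |= self.expand(role, set())
        return perms

    def set_attr(self, user, perm, attr, value):
        if perm not in self.permissions(user):
            raise PermissionError(f"{user} does not hold {perm}")
        allowed = self.allowed.get((perm, attr))
        if allowed is not None and value not in allowed:
            raise ValueError(f"{value!r} is not in the pre-defined list for {attr}")
        if value == self.defaults.get((perm, attr)):
            self.overrides.pop((user, perm, attr), None)  # default: no extra storage
        else:
            self.overrides[(user, perm, attr)] = value

    def attr(self, user, perm, attr):
        return self.overrides.get((user, perm, attr), self.defaults.get((perm, attr)))

    def check(self, user, perm, now):  # held, and not past an optional 'expires'
        expires = self.attr(user, perm, "expires")
        held = perm in self.permissions(user)
        return held and (expires is None or now < datetime.fromisoformat(expires))

def sample():  # constructed data; every name here is illustrative
    p = Provisioning()
    p.role_perms = {"dispatcher": {"incident.view"}, "supervisor": {"incident.close"}}
    p.role_roles = {"supervisor": {"dispatcher"}}
    p.user_roles, p.user_perms = {"alice": {"supervisor"}}, {"bob": {"incident.view"}}
    p.defaults = {("incident.view", "scope"): "own-domain"}
    p.allowed = {("incident.view", "scope"): {"own-domain", "trusted-domains"}}
    return p
```

Because attributes are keyed by user and permission rather than by role, "alice" (who holds incident.view through a nested role) and "bob" (who holds it directly) can each carry their own scope or expiry for the same permission.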
IISIS Redesign • Questions?