Roles Enterprise MIT Rob Campanella Identity & Access Management MIT | IS&T | Systems Optimization & Integration Solutions W |

This entire presentation can be found here: (Enterprise Authorization)

2 Session Objectives
- What is an authorization?
- Enterprise Authorization
  - What is it?
  - Why should I use it?
  - How do I use it?
- Q&A

3 What is an authorization?
- 3 parts:
  - Who (person)
  - What (function)
  - Where (qualifier); can be NULL
- Examples:
  - Tom Brady is quarterback for the New England Patriots
  - Rob Campanella can spend on profit center PC
  - Rob Campanella is Roles Administrator

4 Person (The who)
- Now: Kerberos Principal
- Future possibilities: Touchstone Collaboration Account, Moira Group

5 Function (The what)
- Usually a task, but could also describe a position/responsibility
- Defined in understandable business terms
- Grouped into ‘categories’
- Paired with a specific qualifier type
  - Marty Walsh is Mayor of Boston (City qualifier type works)
  - Marty Walsh is Mayor of Massachusetts (State qualifier type does not work)

6 Function cont. – Inheritance
- “Can edit HR data” sits above “Can view HR data” in the function hierarchy, so holding edit implies view
- Jeff can view HR data for Biology
- Eddie can edit HR data for Biology, so Eddie can also view HR data for Biology

7 Qualifier (The where)
- Defines scope
- Hierarchy based (or NULL)

8 Qualifier cont. – Inheritance
Example hierarchy:
- ALL Departments
  - School of Science
    - Biology
    - Chemistry
  - School of Engineering
    - Mechanical Engineering
An auth at Biology means only Biology; an auth at School of Science means the entire School of Science (Biology & Chemistry in this example).

9 Additional authorization rules/fields
- No negative authorizations
- Effective & expiration dates
- Can do vs Can grant

10 Life without Enterprise Authorization
- User enters auths into multiple systems
- Each system may have a different interface
- Must understand the inner workings of each system to create appropriate auths
- Conflicts can be created
- Same business auth may need to be entered in multiple systems
- No complete picture of a user’s authorizations
(Diagram: the user enters auths separately into System #1, #2, #3, #4, ..., #N)

11 Life with Enterprise Authorization
- Single interface for entering all auths
- Only need to understand the business need, not the underlying system
- Same auth can span multiple systems
- Conflicts prevented
- Can see the complete picture of a user
(Diagram: the user enters auths into ROLES, which feeds System #1, #2, #3, #4, ..., #N)

12 Enterprise MIT = ROLES (rolesapp.mit.edu)
- Centrally Managed Authorization System of Record
- Distributed entry/maintenance
  - Access should be granted by those closest to the resource: Primary Authorizers
- Conflict/SOD Identification/Prevention
- Implied (rule based) authorizations
- Audit trail
- Reporting
- API

13 API Example (Currently SOAP)
System #1 asks ROLES:
- Can RCAMPANE view HR data for BIOLOGY? YES
- Can RCAMPANE view HR data for CHEMISTRY? NO
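The following is an added example, not code from the presentation or from MIT's Roles system: it models the authorization triple from slides 3–9 (person, function, qualifier; function inheritance; qualifier hierarchy inheritance; NULL qualifiers; effective and expiration dates; can do vs can grant; no negative authorizations) and answers the slide 13 queries. All function and qualifier names, the sample authorizations and the `is_user_authorized` signature are constructed for illustration and are not the real IsUserAuthorizedExt interface.

```python
from dataclasses import dataclass
from typing import Optional

# Function inheritance (slide 6): holding the key implies every function in its set.
FUNCTION_IMPLIES = {"EDIT_HR_DATA": {"VIEW_HR_DATA"}}
# Qualifier hierarchy (slide 8) as child -> parent; constructed to match the slide.
QUALIFIER_PARENT = {"BIOLOGY": "SCHOOL_OF_SCIENCE", "CHEMISTRY": "SCHOOL_OF_SCIENCE",
                    "MECHANICAL_ENGINEERING": "SCHOOL_OF_ENGINEERING",
                    "SCHOOL_OF_SCIENCE": "ALL_DEPARTMENTS",
                    "SCHOOL_OF_ENGINEERING": "ALL_DEPARTMENTS"}

@dataclass(frozen=True)
class Authorization:
    person: str                       # who: Kerberos principal
    function: str                     # what
    qualifier: Optional[str]          # where: None models a NULL qualifier
    effective: str                    # ISO date YYYY-MM-DD (slide 9)
    expiration: Optional[str] = None  # None = no expiration
    can_grant: bool = False           # "can grant" vs plain "can do"

def implied_functions(function):
    """The function itself plus everything it implies, transitively."""
    return {function}.union(*(implied_functions(f) for f in FUNCTION_IMPLIES.get(function, ())))

def qualifier_chain(qualifier):
    """The qualifier and all its ancestors (BIOLOGY -> SCHOOL_OF_SCIENCE -> ALL_DEPARTMENTS)."""
    if qualifier is None:
        return [None]
    parent = QUALIFIER_PARENT.get(qualifier)
    return [qualifier] + ([] if parent is None else qualifier_chain(parent))

def is_user_authorized(auths, person, function, qualifier, on, need_grant=False):
    """Positive-only check: one matching, in-date auth grants; nothing can deny."""
    for a in auths:
        if a.person != person or (need_grant and not a.can_grant):
            continue
        if a.effective > on or (a.expiration is not None and a.expiration < on):
            continue  # ISO dates compare correctly as plain text
        if function in implied_functions(a.function) and a.qualifier in qualifier_chain(qualifier):
            return True
    return False

# Constructed sample authorizations (not MIT data); RCAMPANE mirrors slide 13.
SAMPLE_AUTHS = [
    Authorization("RCAMPANE", "VIEW_HR_DATA", "BIOLOGY", "2019-01-01"),
    Authorization("EDDIE", "EDIT_HR_DATA", "BIOLOGY", "2019-01-01", can_grant=True),
    Authorization("DEAN", "VIEW_HR_DATA", "SCHOOL_OF_SCIENCE", "2019-01-01", "2019-12-31"),
    Authorization("RCAMPANE", "ROLES_ADMINISTRATOR", None, "2019-01-01"),
]
```

Because there are no negative authorizations, the check only ever looks for a single matching grant; an auth placed at School of Science covers Chemistry through the qualifier chain, and an edit auth covers a view query through the function set.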

14 WSDLs
- Dev:
- Test:
- Prod:
Method: IsUserAuthorizedExt

15 SOAP Request
Request values (as shown on the slide): RCAMPANE, UADM, UA_DECISION_RPT, NULL, DECI$ION, B

16 SOAP Response
Response value: false

17 Steps required to call Roles SOAP API
- Request an app cert: https://wikis.mit.edu/confluence/display/devtools/Home
- Create “server” user in Roles
- Associate app cert w/ server user in allowedLocations.properties file on Roles web server
- Grant appropriate auths to server user

18 Q&A
- Questions now?
- Questions later?
- Project later? Involve us as early as possible