Presentation is loading. Please wait.

Presentation is loading. Please wait.

Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford.

Published byAshlee Hunt Modified over 9 years ago

Similar presentations

Presentation on theme: "Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford."— Presentation transcript:

1 Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford

2 Distributed Access Management CAMP 2 Workshop Orientation Agenda –Intro: What are Grouper & Signet? What are the chief technical integration tasks to implement them? –Examine each of these integration areas –Handout Level of detail: capabilities, not syntax of configuration files Try to complement, not overlap, program of the CAMP that follows

3 Distributed Access Management CAMP 3

4 4 Relative Roles of Signet & Grouper Grouper Signet RBAC model Users are placed into groups (aka “roles”) Privileges are assigned to groups Groups can be arranged into hierarchies to indirectly bestow privileges Grouper manages, well, groups Signet manages privileges Separates responsibilities for identification & entitlement

5 Distributed Access Management CAMP 5 Relative Roles of Grouper & Signet Grouper Binary info – you’re either in some list or not Identity- or affiliation-based access control or distribution Identification layer of an encompassing access management scheme Locally tweak or combine other groups Signet Structured, qualified info – limits, conditions, scope, … Oriented to individuals rather than roles Human judgment and chain of authority essential for access decisions Enable functional, not just technical, people to manage privileges Supports policy control closer to source of authority Audit requirements

6 Distributed Access Management CAMP 6 Glimpses of Grouper & Signet

7 Distributed Access Management CAMP 7

8 8 Subject API Objective: Enable integration of IdM-enhancing tools with existing IdM infrastructure How: Abstraction layer –Abstracts object schema & identifiers –Abstracts back-end storage technology What: A Subject is an object of any type managed by the IdM system –person, group, application

9 Distributed Access Management CAMP 9 Sources & Subjects Source – a database of subjects –Common back-end store –Common object schema Subject –subjectId, unique within a Source Subject attributes –Identifying – e.g. netId, employeeId, studentId –Descriptive – e.g. name, department, title Subject reference: (subjectId, sourceId) ( In v0.2.1 it’s (subjectId, sourceId, typeId) )

10 Distributed Access Management CAMP 10 Subject API Capabilities Select/search –Get a Subject by its subjectId –Get a Subject by specifying the value of an identifying attribute –Get a Set of Subjects matching a substring search of its attributes Present –Single attribute, Map of all attributes

11 Distributed Access Management CAMP 11

12 Distributed Access Management CAMP 12 Reference Source Adapters JDBC Source Adapter –Heart of configuration is SQL code that implements each search & selection method –Returns one table, each row is one Subject, columns are their attributes JNDI Source Adapter –Heart of configuration is an LDAP query specification implementing each search & selection method

13 Distributed Access Management CAMP 13 Design Issues For Subject API Deployment Choice of subjectId namespaces Consistency of sourceId assignment and subjectId namespace across multiple Source Adapter instances Subject v0.2.1 (current) vs. v1.0 –No more subject “types” –Enabling applications to behave differently with different “types” of subjects

Download ppt "Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford."

Similar presentations

Managing Roles & Privileges with Grouper and Signet Middleware Nate Klingenstein (some words stolen from Tom Barton & Lynn Mcrae) Helsinki EuroCAMP, April.

Managing Roles & Privileges with Grouper and Signet Middleware Nate Klingenstein (some words stolen from Tom Barton & Lynn Mcrae) Helsinki EuroCAMP, April.
SOA Baby Steps Tom Barton University of Chicago. U Chicago & SOA No Big App dropping it on us, yet Wanna be prepared though Web Services seems like a.

SOA Baby Steps Tom Barton University of Chicago. U Chicago & SOA No Big App dropping it on us, yet Wanna be prepared though Web Services seems like a.
JNDI Java Naming Directory Interface JNDI is an API specified in Java that provides naming and directory functionality to applications written in Java.

JNDI Java Naming Directory Interface JNDI is an API specified in Java that provides naming and directory functionality to applications written in Java.
Managing Authorization with Signet and Grouper Tom Barton, University of Chicago Lynn McRae, Stanford University Tom Barton, University of Chicago Lynn.

Managing Authorization with Signet and Grouper Tom Barton, University of Chicago Lynn McRae, Stanford University Tom Barton, University of Chicago Lynn.
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.

Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
Chapter 3 An Introduction to Relational Databases.

Chapter 3 An Introduction to Relational Databases.
Organizing Data & Information

Organizing Data & Information
Chapter 14: Advanced Topics: DBMS, SQL, and ASP.NET

Chapter 14: Advanced Topics: DBMS, SQL, and ASP.NET
Chapter 4 Relational Databases Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 4-1.

Chapter 4 Relational Databases Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 4-1.
Lecture 7 Access Control

Lecture 7 Access Control
Configuration Management

Configuration Management
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
Chapter 4 Relational Databases Copyright © 2012 Pearson Education 4-1.

Chapter 4 Relational Databases Copyright © 2012 Pearson Education 4-1.
Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.
Setting up the Grouper and Signet Databases Joy Veronneau Cornell University Identity Management November 7, 2006.

Setting up the Grouper and Signet Databases Joy Veronneau Cornell University Identity Management November 7, 2006.
Introduction to Group Management Tom Barton, Blair Christensen University of Chicago.

Introduction to Group Management Tom Barton, Blair Christensen University of Chicago.
A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.

A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.
1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo
Signet and Grouper for Distributed Attribute Administration

Signet and Grouper for Distributed Attribute Administration
Managing Roles & Privileges with Grouper and Signet Middleware Tom Barton, University of Chicago Lynn McRae, Stanford University Tom Barton, University.

Managing Roles & Privileges with Grouper and Signet Middleware Tom Barton, University of Chicago Lynn McRae, Stanford University Tom Barton, University.

Similar presentations

Ads by Google