
Authorize Enterprise Service
The modern enterprise landscape
has become a sea of isolated and semi-integrated enterprise
systems. Neat architectural diagrams may show system
deployment, function and data flow, but they hide a jungle
of access control policies buried in individual applications,
outdated documents and administrators' heads. Do you
know what systems your users actually have access to?
Does anybody? Do you have confidence that when people
change roles or leave your organisation, their
access rights are updated accordingly? Can you comply
with your privacy obligations regarding access to your
clients' personal data?
These are just some of the questions that Authorize
can help you answer. Authorize is a technology-independent
authorisation service that allows you to model your
real-world authorisation needs and enforce them as
enterprise-wide policies that control access to all participating
systems. Authorize supports the full range of entities
needed to do real-world modelling. Policies are created
from Users, Roles, Groups, Commands, Targets, Permissions
and Time and are enforced using an ultra-flexible and
easy-to-use rules engine. Access can be controlled down
to very specific system functions, the data values entered
or the parameters used in commands.
If users change jobs, simply remove them from their
old roles and add them to their new ones. Their access
across all participating systems will be modified accordingly.
Technology independence means that the same server
can concurrently control access to web services, internal
applications and configuration of equipment from door
locks to telephone exchanges.
The distributed architecture enables you to start with
a single server and then to grow to as many federated
servers as needed. The flexibility provided by the policies
and the rules engine means that complex rules can be
applied independently of the application seeking authorisation.
Aspect Oriented
Authorize is an aspect-oriented
service, which means that it provides a mechanism
for separating authorisation functions from
individual applications and allows them to be
controlled in a uniform manner across the enterprise.
This provides real advantage from a number of
perspectives. Application developers simply need
to use a server plug-in or a drop-in class to
which they direct all authorisation requests.
All policy generation, distribution, decision and enforcement
are handled transparently by the authorisation service.
Authorisation administrators map the corporate authorisation
policies onto any number of participating systems through
one or more consoles connected to a central repository
providing a single view of access across many systems.
This centralised control ensures that new users are
given all of the access rights they require in
one easy operation. Similarly, access by any user or group
of users, or to any system or group of systems, can be
suspended, cancelled or otherwise modified with a single
action.