The modern enterprise landscape
has become a sea of isolated and semi integrated enterprise
systems. Neat architectural diagrams may show system
deployment, function and data flow but they hide a jungle
of access control policies hidden in individual applications,
outdated documents and administrators' heads. Do you
know what systems your users actually have access to?
Does anybody? Do you have confidence that when people
change roles or leave your organisation, that their
access rights are updated accordingly? Can you comply
with your privacy obligations regarding access to your
clients' personal data?
These are just some of the questions that Authorize
can help you answer. Authorize is a technology independent
authorisation service that allows you to model your
real world authorisation needs and enforce them as enterprise
wide policies that control access to all participating
systems. Authorize supports the full range of entities
needed to do real world modelling. Policies are created
from Users, Roles, Groups, Commands, Targets, Permissions
and Time and are enforced using an ultra flexible and
easy to use rules engine. Access can be controlled down
to very specific system functions, the data values entered
or the parameters used in commands.
If users change job, then simply remove them from their
old roles and add them to their new ones. Their access
across all participating systems will be modified accordingly.
Technology independence means that the same server
can concurrently control access to web services, internal
applications and configuration of equipment from door
locks to telephone exchanges.
The distributed architecture enables you to start with
a single server and then to grow to as many federated
servers as needed. The flexibility provided by the policies
and the rules engine means that complex rules can be
applied independently of the application seeking authorisation.
Authorize is an aspect oriented
service, which means that it provides a mechanism
for separating authorisation functions away from
individual applications and allows them to be
controlled in a uniform manner across the enterprise.
This provides real advantage from a number of
perspectives. Application developers simply need
to use a server plug-in or a drop-in class to
which they direct all authorisation requests.
All policy generation, distribution, decision and enforcement
are handled transparently by the authorisation service.
Authorisation administrators map the corporate authorisation
policies onto any number of participating systems through
one or more consoles connected to a central repository
providing a single view of access across many systems.
This centralised control ensures that new users are
given all of the necessary access rights required in
one easy operation. Similarly access by any user, group
of users or to any system or group of systems can be
suspended, cancelled or otherwise modified with a single