Policy-based authorization management product
Business Challenge
In today's business activities, security aspects play the most important role. One of the security features in great demand on the market is authorization management. One of our clients requested a solution that provides a Privilege Management Infrastructure (PMI), allowing the administration and enforcement of user privileges and transaction entitlements to e-commerce and enterprise resources, together with role-based authorization to Web-based resources. This allows enterprises to provide enabling security and rich user experiences for their customers, suppliers and partners.
System Functionality
We have developed a security management solution for implementing full-scale security and extending policy authorization across the enterprise. Our product allows enterprises to securely enable online business processes to gain competitive advantage, to easily manage users, and to access policies in order to deliver protected e-relationships.
The product consists of 4 main sections:
- Validator
- Audit Server
- Policy Editor
- Enforcer Plug-ins
VALIDATOR
This part of the system is responsible for checking a user's identification data and sending back information about the resources available to that user. The Validator is developed in Java. Returned data is presented in XML format. The Validator connects to the LDAP server over an SSL (Secure Sockets Layer) secured connection to retrieve the user's information.
AUDIT SERVER
This server logs information about all access attempts performed within the system. Logs are created in accordance with the information obtained from the Validator. Different storage methods are implemented. This section is developed in Java. Information is obtained from the Validator using the TCP/IP protocol.
POLICY EDITOR
This program allows the system administrator to maintain the resource tree stored on the LDAP server. Both users' and groups' policies are implemented. This section is developed in Java. Interaction with the LDAP server is performed via the LDAP protocol over an SSL secured connection.
ENFORCER
The ENFORCER section is responsible for transferring available resources to a user. The Enforcer can be either a web server or an application server. The system has a set of plug-ins implementing the API (Application Programming Interface) for each variant of supported Enforcer. The main task of the plug-ins is to connect the appropriate applications with the system. Plug-ins are developed in C/C++. The connection with the Validator is established via the TCP/IP protocol over an SSL secured connection.
Summary
Based on its intuitive user interface, automated management capabilities and XML-based architecture, the Policy-based authorization management system is the easiest-to-use and quickest-to-deploy authorization management product for companies seeking to maximize their eBusiness return on investment.
Our product has been designed with a directory-enabled modular architecture that allows fast deployment of extranet authorization and the ability to evolve as your company's e-business initiatives develop.
Key Features
- Single Sign-On
- SAML-based SSO and Authorization Between Partner Sites
- Role-Based Authorization
- Native Password and Profile Management
- Intuitive Management Interface
- Flexible Delegated Administration
- Tamper-resistant Audit System
- Native LDAP Support
Languages & Technologies Used
- BEA WebLogic Application Server 7.0
- Microsoft Active Directory Directory Server
- Microsoft Internet Information Server
- Microsoft Visual C++ 6.0
- Java Development Kit 1.3
- Rational Rose 2000 Modeling Tool
- Rational Requisite Pro Requirements Management Tool
- Rational ClearQuest - defects and change requests control
- Rational ClearCase - configuration and versioning control
- Microsoft Project - Project Management and Estimation tool