Global Trust / Securing the Enterprise

By: Okiok
Published: Nov 08, 2005
Length: 36
Type: White Paper
Overview:

Global Trust is a comprehensive Permission Management Infrastructure that centrally controls and manages user access Permissions to Web-based resources, servlets, Beans or any external application. These permissions are based on configurable user attributes and security policies that directly reflect the objectives of e-business applications.

Download this white paper and learn how the Global Trust solution enforces your policy consistently across your e-business and associates according to the planned security model (delegation, user's type, roles, policies, etc).

Introduction

Global Trust is a comprehensive Permission Management Infrastructure that centrally controls and manages user access permissions to Web-based resources, servlets, Beans or any external application. These permissions are based on configurable user attributes and security policies that directly reflect the objectives of e-business applications. The Global Trust solution enforces your policy consistently across your e-business and associates according to the planned security model (delegation, user type, roles, policies, etc.).

Global Trust Physical Architecture

The figure below shows the high-level network architecture usually used when planning the installation of a Web Access Control system such as Global Trust. Typically, a web server farm stands in a demilitarized zone. An extra firewall is recommended in front of the Global Trust servers; it defines a security perimeter within which the Global Trust activities take place. Only the IP addresses and ports that Global Trust actually requires should be opened into the Global Trust secure zone.

Global Trust Logical Architecture

The Global Trust solution is based on a robust, extensible architecture that allows quick deployments and a fast return on investment. The figure below shows a component view of Global Trust. Global Trust can be broadly separated into two main components: the core services and the agents. The core services act as the Policy Decision Point in the system. The various agents act as Policy Enforcement Points: they intercept incoming access requests and validate each one against the Policy Decision Point before the request reaches the protected resource.

3.1 Identity Management

Global Trust allows the efficient administration of the employees, customers, suppliers and partners that need access to applications secured by Global Trust through an enterprise LDAP Directory. This directory must be an LDAP v3 compliant directory service that provides a single repository from which you can manage all user data such as identities, credentials, authorizations and application-specific preferences and profiles. Global Trust administration is performed with a Web-based interface, and configuration changes are made securely over an SSL connection. For maximum flexibility, Global Trust can be administered as follows:

- Using a web browser

- Programmatically, using the Java User and Policy Management Interface

- Through a Command Line Interface (CLI) with the provided scripts


3.1.1 Delegated Administration

Most aspects of Identity Management are regarded as privileged operations that must be executed by system administrators. Global Trust supports delegated administration whereby administration of identities can be delegated to appropriate administrators based on their user types.

A Global Trust administrator can create a number of enterprise domains and assign one or multiple types of administrators to each enterprise domain. The administrator for an enterprise domain can create new users in the domain and add new or existing Global Trust users to the domain.

In addition to this user-related function, Global Trust administrators can create new domains below the enterprise domain level and assign users to be the administrators for these new domains (domain administrators).


Administrators of the new domains can then create new users in their own domain. The Global Trust administrator for the enterprise domain also has authority to administer the domain. Global Trust administrators can create and manage as many domains under their authority as required. The various domains, user types and delegation hierarchies are determined when the enterprise security model is defined.

For each delegated user domain, predefined administrator types can be assigned in that domain. As an example, the following list shows the various administrator types and the set of administrative functions that can be performed by administrators assigned to each of these types:

- Global Trust Top Level Administrator. The Global Trust administrator is the top-level administrator. The Global Trust administrator can perform all delegated administration functions.

- Domain Administrator. The domain administrator can perform administrative functions for the users in their domain. Domain administrators can create new users or administrators in their own domain, and assign existing domain users to be an administrator (of any type except domain administrator) for the domain.

- Senior Administrator. A senior administrator has the same authority as a domain administrator, except that a senior administrator cannot assign additional administrators.

- Administrator. An administrator has the same authority as a senior administrator, except that an administrator cannot create new domain users. An administrator can modify an existing user's properties.
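The administrator types above form a strict chain of authority, and a delegated administrator's authority stops at the boundary of the domain they are assigned to. The following model of that chain is an added illustration, not code from Okiok or the Global Trust product; the action names, the deny-by-default check and the assumption that a delegated administrator (anything below the top level) acts only in their own domain are mine, and the domains and users are constructed sample data.

```python
from enum import Enum

class AdminType(Enum):
    TOP_LEVEL = "top-level"  # Global Trust Top Level Administrator
    DOMAIN = "domain"        # Domain Administrator
    SENIOR = "senior"        # Senior Administrator
    ADMIN = "admin"          # Administrator

# Functions each type may perform in its own domain (from the paper's list);
# every type below the top level is a strict subset of the one above it.
ALLOWED = {
    AdminType.TOP_LEVEL: {"create_domain", "create_user", "modify_user", "assign_admin"},
    AdminType.DOMAIN: {"create_user", "modify_user", "assign_admin"},
    AdminType.SENIOR: {"create_user", "modify_user"},
    AdminType.ADMIN: {"modify_user"},
}

class DelegationModel:
    def __init__(self, domains):
        self.domains = set(domains)  # enterprise domain plus delegated sub-domains
        self.assignments = []        # (user, domain, AdminType) triples

    def assign(self, user, domain, admin_type):
        self.assignments.append((user, domain, admin_type))

    def is_authorized(self, actor, action, target, new_type=None):
        """Deny by default: True only if an assignment of actor permits action in target."""
        if action not in ALLOWED[AdminType.TOP_LEVEL] or target not in self.domains:
            raise ValueError("unknown action or domain")
        for _, domain, admin_type in (a for a in self.assignments if a[0] == actor):
            if admin_type is AdminType.TOP_LEVEL:
                return True          # top level: every function, in every domain
            if domain != target or action not in ALLOWED[admin_type]:
                continue             # assumption: a delegated admin acts only in its own domain
            # A domain administrator may assign any type except domain administrator.
            if action == "assign_admin" and new_type in (AdminType.DOMAIN, AdminType.TOP_LEVEL):
                continue
            return True
        return False

def build_sample_model():
    """Constructed sample: an enterprise domain with two delegated sub-domains."""
    m = DelegationModel({"enterprise", "partners", "suppliers"})
    m.assign("alice", "enterprise", AdminType.TOP_LEVEL)
    m.assign("bob", "partners", AdminType.DOMAIN)
    m.assign("carol", "partners", AdminType.SENIOR)
    m.assign("dave", "suppliers", AdminType.ADMIN)
    return m
```

The check is worth reading alongside the list above: a senior administrator in the sample cannot assign administrators, an administrator cannot create users, and a domain administrator cannot create domains or mint further domain administrators, so no delegated role can escalate itself.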