as a URL parameter. As before, when the application's interceptor receives
the token handle, it checks back with the SSO server to see if this is genuine
and still valid. The SSO server retrieves the full token from its Token
Database based on the “handle” and validates it. The Application Access
Token is also linked to the Authentication Token, which has a bunch of user
attributes stored along with it. The SSO server passes all of this back to the
interceptor. If the Application Access Token is certified to be valid, the
interceptor may apply authorisation checks based on the user attributes
accompanying the response, and then allow or disallow access to the
application as a whole. This is coarse-grained authorisation. The interceptor
may also pass these user attributes through to the business application for it
to do any fine-grained authorisation.
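
The handle-validation flow described above, sketched as an added example (not code from the original text or from any SSO product). The class and function names, the five-minute lifetime, the per-application binding and the "roles" attribute are all assumptions made for illustration.

```python
import secrets
import time


class SSOServer:
    """Owns the Token Database; applications only ever see opaque handles."""

    def __init__(self):
        self.auth_tokens = {}    # Authentication Token id -> user attributes
        self.access_tokens = {}  # handle -> full Application Access Token

    def login(self, attributes):
        auth_id = secrets.token_urlsafe(32)
        self.auth_tokens[auth_id] = dict(attributes)
        return auth_id

    def issue_access_token(self, auth_id, app, ttl=300, now=None):
        now = time.time() if now is None else now
        handle = secrets.token_urlsafe(32)  # unguessable and carries no user data
        self.access_tokens[handle] = {
            "app": app, "auth_id": auth_id, "expires": now + ttl}
        return handle

    def validate(self, handle, app, now=None):
        """Return the linked user attributes if the handle is genuine and
        still valid for this application, otherwise None."""
        now = time.time() if now is None else now
        token = self.access_tokens.get(handle)
        if token is None or token["app"] != app or now >= token["expires"]:
            return None
        # Follow the link from the access token to the Authentication Token.
        attrs = self.auth_tokens.get(token["auth_id"])
        return dict(attrs) if attrs is not None else None


def interceptor(sso, app, handle, required_role):
    """Coarse-grained gate in front of the application."""
    attrs = sso.validate(handle, app)   # check back with the SSO server
    if attrs is None:
        return ("redirect_to_sso", None)  # forged, expired or wrong-app handle
    if required_role not in attrs.get("roles", ()):
        return ("deny", None)             # coarse-grained authorisation failed
    return ("allow", attrs)               # attributes passed on for fine-grained checks
```

Because the handle is only a random lookup key, a value seen in a URL reveals no user attributes, and every decision depends on the SSO server's own record of the token.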

In a later section, we will see how to implement simple extensions to the
challenge protocol to exploit the existing Windows-based LAN session,
support multi-factor authentication and also federated identity systems. We
will also explore a more tailored version of coarse-grained authorisation.
However, the model described here is all there is to Access Management, so
it is conceptually quite simple.

We stated earlier that Access Management is also the most commoditised
part of IAM, so let's now look at two of the best (and cheapest) products you
can find to implement Access Management.