Jef,
As Al pointed out, there are numerous products from vendors such as
IBM/BEA/Oracle/RSA/Netegrity/Entrust/Baltimore Labs (RIP) etc providing
web-based authentication/authorisation in front of AD. Since from a
design point-of-view it's generally not a good idea to stick AD too
close to the Internet, often these solutions comprise a presentation
tier, e.g. with IIS (using some sort of ISAPI plugins) that then hooks
into your business logic (e.g. middleware) or your data tier (e.g.
LDAP/AD/SQL) ... if you want to look at this from an MS purist
perspective then I'd suggest having a look at n-Tier solutions within
the MSDN area. Although this has a more developer emphasis than you'll
probably want, it gives a good insight into how Internet authentication
works, particularly .NET as well as older products such as Site
Server/Commerce.
Try googling on Authorization Manager (AZMan) to give a good example of
how a role-based management approach (assuming a web tier) with an AD
backend would work... Also look at ADAM as an initial 'point' solution
for Internet usage rather than AD alone.
You also mentioned self-registration and this kicks off an entirely
different thread (in my mind anyway)...
1. What are you providing access to?
2. Whom are you registering and for what?
3. What authentication mechanism do you wish to use (username/password,
certs, OTP).
4. Do you need to provide some form of authorisation once authenticated
as well? What form does this need to take?
Hope this helps.
Regards,
Mylo
if you need an initial
Jef Kazimer wrote:
Al,
I apologize, as I am going only on what little information I have. I guess I
was trying to do some pre-meeting recon work since I had seen it mentioned here
about 25mil internet users for some people. I had assumed there might be some
scenario documentation for such a thing.
I will know more after the meeting of course, so I'll see if I can explain
myself better.
I understand directory design for an enterprise, but have never done so for an
internet instance that would have self registration. I suspect there are some
different lessons learned from that scenario so was curious.
Thanks,
Jef
> Date: Thu, 27 Apr 2006 15:31:33 -0400
> From: [EMAIL PROTECTED]
> To: [email protected]
> Subject: Re: [ActiveDir] Internet Authentication Concepts: Pointers?
>
> That's not a lot to go on, Jef. Can you give some more information?
>
> For example, these public internet sites? Are they web only? What type
> of authentication is needed? What were your plans for authorization?
> Are you planning to use something like SiteMinder or Tivoli or ?? to
> help you deal with authorization if using web sites?
>
> Al
>
> On 4/26/06, Jef Kazimer <[EMAIL PROTECTED]> wrote:
> >
> > Ok, here is something I'm just starting to research, and I thought maybe
> > someone here has some pointers or a direction they can steer me in.
> >
> > We are looking at a potential consolidated directory/database to contain
> > user registrations (Self registration and possible bulk load) for multiple
> > public internet sites for products of our company.
> >
> > I was wondering if there are any published scenarios that address this
> > solution as a starting point for consideration. We are thinking of using a
> > public AD forest as the potential repository, but I am curious if there are
> > any lessons learned when designing such a scenario.
> >
> > Thanks,
> >
> > Jef
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/