On Oct 24, 2007, at 10:51 AM, Alex Karasulu wrote:
Authorization Managers
----------------------------------
Medium to large scale application deployments within complex environments occur often within the enterprise. Several divisions, processes and applications require the management of authorization policy for many groups and identities. Centralizing the access and administration of authorization policy improves several aspects of management:
o centralized policy stores enable a standard mechanism for representing and accessing policy information rather than having each application devise its own representation and backing store
o policy backup and restoration operations are simplified when several instances of the same application or different applications use a centralized policy store
o there is a reduced learning curve for administrators who use the same tools across applications to manage policy rather than having to learn how to use a specific tool for each application
o policy audits are greatly simplified when a principal's policy across all applications resides in (what appears to be) a single centralized location
o policy provisioning is also greatly simplified when policy information is centralized
o advanced capabilities in the policy store like snapshotting and versioning can be extended to all applications leveraging the centralized store
o the authority to manage policy across divisions and applications can be parceled out to different administrators when the policy store is centralized; this benefit is referred to as delegation of authority
o additional policy enhancing services benefit all applications using a centralized policy service
Several products have emerged to centralize access to policy information. These products usually come bundled with programming APIs, tools, and adapters to integrate with common existing systems which increases their uptake and usability for an immediate return to customers investing in the product. Products of this type are often referred to as Authorization Managers and usually they are included in a larger suite of services composing an identity solution.
More glossary terms:
Delegation of Authority:
The term given to the assignment of administrative operations to specific authorities within different jurisdictions to facilitate a division of management.
I don't disagree with this, but wonder if this is an authorization
question for users of the authorization manager application itself?
Authorization Manager:
A class of products found in identity management suites which enables the centralized management of authorization policy across applications.
I like this description of authorization managers.
thanks
david jencks
Alex