As web applications become the norm for application delivery mechanisms, there is more and more demand for managing access control at the application framework level. As is immediately obvious, managing this access control becomes an overwhelming overhead for the actual application, and should be handled by the underlying framework used for
application delivery.
Opensource projects such as ForgeRock AM, (OpenSSO) can provide both Authentication services, as well as Authorization services to applications, utilising a simple REST or SOAP based web service interface. All the management of users, groups and other authentication attributes can be handled by the AuthN/AuthZ applicaiton, and delivered to the web application as a service. We can already see this behavior in use, in PAM, or plugable authentication modules used in many linux environments in use today. However mere authentication is not sufficient in an enterprise environment. Often, group, Community and other membership, or attributes, need to be used to determine access
control.
Utilizing an external Access control service, such as OpenSSO, can offload much of this access control from the application, allowing the access control layer to be provided through a simple, effective Web Service permissions layer.
In this presentation I will demonstrate how the OpenSSO authN and AuthZ layers can be simply and easily integrated into an enterprise application, allowing fine grained access control to be enforced at the application layer, while allowing the adminstration and management of the policies to be handled by the service provider.
Allan Foster is a founding member of ForgeRock, bringing skills in the entire Identity management space. He has proven skills in Access Management, Federation, and Portal Architectures. Allan is based in Portal, Oregon in the USA, and has worked with the ForgeRock products, as well as prior version of the products for several years.
Allan brings 25 years of experience in the development, internet, and Identity management spaces to ForgeRock. Allan's career has reached from Apple Computer inc, to Netscape, AOL, Guru Associates, and Sun Microsystems before joining the team at ForgeRock.