Thursday, February 19, 2015

Integrated Security

Integrated security is about eliminating the duplicate security maintenance efforts.

The system should have the intelligence to know how to make itself secured based on the information available.

When we ask for integrated security from one system, we are asking the system to honor the setup already done in another system.

From a software designer's perspective, we need to think of why one system is a more appropriate place to maintaining the security grant related information.  Typically, this answer to this question is somehow relating to the business flow.





It is not uncommon today that a single directory service is available for the whole enterprise.

A very basic integrated security requirement is to honor the directory services to not require having separate maintenance of the directory in every system.  The directory should provide very basic information:

  • A person record that can identify the person
  • Some information can authenticate the person, ex. password
  • Some information can contact the person, ex. email, phone, mailing address, etc.
  • The role the person plays in the enterprise, ex. organization unit, job title, etc.
  • How the person is related to the enterprise, who the person is working for. ex. manager hierarchy, etc.

By having these information available and maintained in a central place and honored by various systems, we have integrated security.









No comments: