Stanford Authorization Existing mainframe based authority –homegrown, in operation since the 80’s –primarily for financial and personnel authority for.


1 Stanford Authorization
Existing mainframe based authority
  – homegrown, in operation since the 80’s
  – primarily for financial and personnel authority for tightly coupled mainframe systems - what, by whom, how much
Moving toward distributed systems and need a more general authority model, including services as well as applications
Kerberos authentication infrastructure

2 Directory based authority
Privilege groups are stored in the LDAP based directory for access by services and applications
Initial groups were
  – Stanford Community (sw licensing, etc)
  – Academic (sw licensing)
  – Leland full (eligible for all distributed services)
  – Leland base (authentication only)

3 Directory based Authority
Adding additional privilege groups
  – Faculty, Student, Staff (finer grain service authority)
  – Others specific to Core Fin requirements
Services and applications do directory lookup based on Kerberos principal
Groups currently apply to person, not account

4 Distributed Financial Authority
Oracle Core Financials application needed rules based authority
Two types of authority - transaction and approval
Currently implemented only on the user level, not group

5 [Diagram. Labels, in slide order: Reports; Applications; Signature Authority; Transaction Authority; Approver List; Maintenance Forms; Rules Data Structure; Authority Engine (General rules, User rules); Report Views; Validate Authority Function; Validate Transaction Authority F.; Approver List Function; Reports Function]

6 Authority Engine
Authority rules
  – general rules (restrictions on process)
  – user rules (restrictions on actions)
Transaction metadata
  – transactions
  – objects
  – object attributes

7 Example Object is purchase requisition line item. Transaction is purchase requisition. Object attributes are item, purchase requisition line ID, amount. User is Joe Smith. User transactions shows that Joe Smith has access to purchase requisitions. Authority entity shows that Joe Smith has access to view purchase requisitions. Constraints entity further restricts this privilege by representing the cost centers that Joe Smith can access.
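
The lookup chain in the example slide (user transactions, then the authority entity, then the constraints entity), as an added sketch that is not part of the original presentation or Stanford's implementation. The entity layouts, the `jsmith` identifier, the cost center codes, the `cost_center` attribute on the line item and the deny-when-no-constraint-row behaviour are all assumptions made for illustration.

```python
# Added illustration: constructed sample data; all names below are assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class LineItem:
    line_id: int
    item: str
    amount: float
    cost_center: str  # assumed attribute; the slide names cost centers only as a constraint

# User transactions: which transaction types a user may touch at all.
USER_TRANSACTIONS = {"jsmith": {"purchase_requisition"}}

# Authority entity: actions granted per (user, transaction).
AUTHORITY = {("jsmith", "purchase_requisition"): {"view"}}

# Constraints entity: cost centers that narrow the grant.
CONSTRAINTS = {("jsmith", "purchase_requisition"): {"CC-1001", "CC-1002"}}

def validate_authority(user, transaction, action, obj):
    """Return (allowed, reason). Every stage denies by default."""
    if transaction not in USER_TRANSACTIONS.get(user, set()):
        return False, "no access to transaction"
    if action not in AUTHORITY.get((user, transaction), set()):
        return False, "action not granted"
    # Assumption: a grant with no constraint row is a deny, not an unrestricted grant.
    if obj.cost_center not in CONSTRAINTS.get((user, transaction), set()):
        return False, "cost center not permitted"
    return True, "ok"

def visible_lines(user, transaction, lines):
    """Filter a requisition down to the line items the user may view."""
    return [l for l in lines if validate_authority(user, transaction, "view", l)[0]]

# Constructed requisition: one line inside Joe Smith's cost centers, one outside.
REQUISITION = [
    LineItem(1, "toner", 120.0, "CC-1001"),
    LineItem(2, "laptop", 1800.0, "CC-2000"),
]

if __name__ == "__main__":
    for line in REQUISITION:
        print(line.line_id, validate_authority("jsmith", "purchase_requisition", "view", line))
```
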

8 Rules Maintenance App.
Maintain metadata through 10SC app.
  – data about users
  – delegation of authority
  – reports
Web screen for delegation
Reports
Initial metadata loaded from mainframe

9 Transaction routing
Custom web-based application
Provides information to originator for routing of transaction from information in rules engine

10 Future
Authority engine developed to meet Core Financials requirements only
How can it be applied to the general case for future applications?
More capabilities in directory based authority?

