Simplifying Enterprise Wide Authorization Management Through Distribution of Concerns and Responsibilities

摘要

Authentication lets a system know who you are, while authorization controls your resources access rights and what operations you are allow to perform. Resources have owners to whom the resources belong to. The owner knows best who is allowed to access her resources at any one time. Distribution of concerns and responsibilities can be effectively used for efficient management of enterprise wide authorization. A collection of users with similar rights to a resource can be logically grouped. Managing user groups, recourse groups, access relationships and permissions is tedious due to complex inter-relationships between actors and among actions. A Web-based application which implements a higher level abstraction of access management that mappes specific low level operating system access control can be deployed to access local manager to manage their resource access effectively and economically, which in turn will increase the system's security level of the entire organization.