 |
|
Basic Elements
Built into DNAOS resource management, the
DNAOS entitlement services process
information from :
- user profile, defining each user's rights
- requested access level, ex: view, create, edit, update
- resource access rights, combining resource type metadata and all access rights defined for the resource and its internal components
- resource relations can be defined between resources, each with its own access level. These relations are resources themselves.
This allows for secure distributed compound network structured resources as well as virtual profiles to be defined and used
- resource metadata
Direct and Proxy
DNAOS resources are either directly available
to DNAOS or are proxies of external resources,
like data in legacy SQL databases, or a mix of the two. A resource proxy
also holds link, connect, and query information to retrieve the proxied
resource when required.
Application Interface
Applications that use DNAOS entitlement to
secure their resources simply invoke corresponding resource management
services, passing user profile, required access level, and target
resource query. Only authorized and valid resources are accessed
or returned.
Separate Process
Security checking can be offloaded to separate processes
and servers, freeing application logic from dependency on security
configuration, allowing them both to evolve as required without having to
modify, test, and re-deploy applications anytime security configuration
changes, increasing flexibility and security, while reducing costs
and maintenance.
More on DNAOS Entitlement
Additional information on DNAOS
entitlement is available in
SOA Entitlement and
DNAOS Context.
|