
Custis: AMS

Product
Developers: Custis
Technology: Cybersecurity - Authentication

Functionality of CustIS: AMS

  • Designing access rights as a set of policies (rule sets) with the participation of business divisions, the IT service and the security service
  • Centralized and unified maintenance of access policies
  • Integration with various enterprise information systems
  • Access control in two modes
    • Automatic adjustment of local access rights in IT systems according to the described policies
    • Providing a uniform access control service to the enterprise's IT systems according to the described policies

  • Report generation for audit and analysis

    • For example: the current rights of a specific user, when and on what basis they were issued; which users have access to certain actions and data; whether the distribution of rights complies with the access policies, etc.

How CustIS: AMS works

Policies are designed in business terms and are mapped transparently to rules for the system; administrators do not need to translate them into role-assignment rules.

Functional parts of CustIS: AMS

The solution supports the XACML standard and includes open-source components that provide support for the standard.

  • Policy Administration Point (PAP): the graphical interface for administering security policies and configuring the system
  • Policy Repository: storage for policies
  • Policy Decision Point (PDP): evaluates policies to decide whether to authorize a specific user action
  • Policy Information Point (PIP): determines attribute values during policy evaluation
  • Policy Enforcement Point (PEP): sends requests to the PDP for authorization of an action. It is built into the IT systems
  • Policy Translation Point (PTP): evaluates policies for a specific user (to decide whether to grant or revoke access to a resource). It does this by reducing the XACML expressions in the access rules to disjunctive normal form and composing criteria for searching the target systems for the resources that can be made available to that user.
  • Adapter: converts a decision (to grant or revoke access) into the settings of a specific IT system (for example, assigning a role to the user)
  • Connector: provides integration with IT systems through the APIs they provide
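
The PTP step described above, sketched as an added example (not CustIS code). It assumes a simplified rule format in place of real XACML: equality tests on `user` and `resource` attributes combined with `and`/`or`, no negation. The rule, attribute names and values are constructed.

```python
# Added illustration of PTP-style translation; rule format and names are constructed.
from itertools import product

def atom(cat, attr, value):
    """Equality test on a 'user' or 'resource' attribute."""
    return ("atom", cat, attr, value)

def to_dnf(expr):
    """Return the rule as a list of conjuncts, each a frozenset of atoms."""
    op = expr[0]
    if op == "atom":
        return [frozenset([expr[1:]])]
    parts = [to_dnf(e) for e in expr[1:]]
    if op == "or":                      # OR: concatenate the conjunct lists
        return [c for p in parts for c in p]
    if op == "and":                     # AND: distribute over every combination
        return [frozenset().union(*combo) for combo in product(*parts)]
    raise ValueError(f"unsupported operator: {op}")

def search_criteria(rule, user):
    """Resource filters (attr -> value) under which this user is granted access."""
    criteria = []
    for conjunct in to_dnf(rule):
        flt, ok = {}, True
        for cat, attr, value in conjunct:
            if cat == "user":
                ok = ok and user.get(attr) == value   # decided now, per user
            elif flt.setdefault(attr, value) != value:
                ok = False                            # contradictory resource tests
        if ok and flt not in criteria:
            criteria.append(flt)
    return criteria

# Constructed rule: finance staff or auditors may access invoices;
# managers may access any resource of branch "north".
RULE = ("or",
        ("and",
         ("or", atom("user", "dept", "finance"), atom("user", "role", "auditor")),
         atom("resource", "type", "invoice")),
        ("and",
         atom("user", "role", "manager"),
         atom("resource", "branch", "north")))

if __name__ == "__main__":
    print(search_criteria(RULE, {"dept": "finance", "role": "manager"}))
```

Each returned filter is one query an adapter could run against a target system; an empty list means the user should hold no rights under the rule, and an empty filter `{}` would mean every resource matches.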

Advantages of the solution

  • The ability to define logical rules based on a set of attributes of information resources, objects and users. Greater customizability. Lower cost of rights management
  • The ability to use the solution as an addition to an existing authorization system or on its own. Preserves investments in the enterprise's information security system
  • Automatic determination of user rights according to policies, automation of standard procedures. Greater efficiency and reliability of the rights management process
  • Centralized configuration of rights in the form of generalized rules. Lower complexity of rights management
  • Access rules are maintained in a format close to that of security regulations. Greater transparency of the rights distribution system
