Externalized Authorization Management separates policy management from the application lifecycle by moving access control decisions to a central decision point that is decoupled from the application. To reach a decision, the system interrogates an information point, typically a directory, to determine a user’s access rights based on a centrally managed policy.
- Authorization and access rights to an organization’s network or assets are granted dynamically, in real time, based on user, data and environmental attributes, such as certifications, IP address, group, department, or employee status.
- Decisions on access leverage these characteristics, or attributes, which help define whether a user should be granted access to the application and at what level. The decision is based on the data the user wants to access and the action the user wants to perform.
- Externalized authorization allows for the management of permissions to multiple systems from a single platform, streamlining the access process and reducing administrative burden.
- Access control decisions for file shares, network subnets, document repositories and applications can now be made in real time by a centrally managed decision point, using attributes in a user’s directory entry.
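
The decision flow described above, as an added example that is not part of the original page: the application only enforces, while a separate decision function evaluates a centrally held policy against directory and environment attributes. The directory entries, the policy rule, the subnet and all function names are constructed for illustration.

```python
import ipaddress

# Constructed directory entries (the "information point"); all names are hypothetical.
DIRECTORY = {
    "alice": {"department": "finance", "employee_status": "active", "certifications": {"pci"}},
    "bob": {"department": "finance", "employee_status": "terminated", "certifications": {"pci"}},
    "carol": {"department": "engineering", "employee_status": "active", "certifications": set()},
}

# Centrally managed policy, held as data outside any application (constructed rule).
POLICY = [
    {"resource_type": "file_share", "classification": "cardholder", "actions": {"read"},
     "user": {"department": "finance", "employee_status": "active"},
     "certification": "pci", "network": "10.20.0.0/16"},
]

def decide(user_id, action, resource, environment, policy=POLICY, directory=DIRECTORY):
    """Decision point: Permit only if some rule matches every attribute; otherwise Deny."""
    user = directory.get(user_id)
    if user is None:                      # unknown subject: default deny
        return "Deny"
    try:
        source = ipaddress.ip_address(environment.get("ip", ""))
    except ValueError:                    # missing or malformed environment attribute
        return "Deny"
    for rule in policy:
        if (resource.get("type") == rule["resource_type"]
                and resource.get("classification") == rule["classification"]
                and action in rule["actions"]
                and all(user.get(k) == v for k, v in rule["user"].items())
                and rule["certification"] in user.get("certifications", set())
                and source in ipaddress.ip_network(rule["network"])):
            return "Permit"
    return "Deny"

def read_share(user_id, resource, environment):
    """Application-side enforcement point: asks for a decision, holds no policy logic."""
    if decide(user_id, "read", resource, environment) != "Permit":
        raise PermissionError(f"{user_id} denied read on {resource['name']}")
    return f"contents of {resource['name']}"

# Constructed resource description passed to the decision point.
SHARE = {"name": "card-reports", "type": "file_share", "classification": "cardholder"}
```

Editing `POLICY` changes the outcome for every caller of `decide` while `read_share` stays untouched.
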
The benefits of Externalized Authorization are significant:
- Access policies become centralized so changes to policies do not require software changes to individual applications.
- Externalizing access control decisions to a centrally managed decision point results in consistent enforcement of policies across the organization, rather than relying on individual system administrators.
- Business management is improved, decisions can be made in real time, which increases agility, and costs are greatly reduced.
- Leveraging attributes in the decision-making process enables fine-grained authorization decisions, increasing control over data.