Authorization management tools are emerging, which provide authorization policy administration, decision-making and enforcement at runtime, external to applications.
– Gartner, Inc. “Authorization Management: Where Access and Application Meet”
by Earl Perkins, November 2007
Organizations today face a growing list of requirements for granular controls over “who can access what”, with equal if not greater importance placed on “who can do what, when and where”. To date, the vast majority of application authentication and authorization functions are hard-coded into individual application code. Changes in access requirements create a myriad of complexities and costs when authentication and authorization capabilities have to be modified. Further, as application infrastructures move to Service Oriented Architecture (SOA)-based security, the new requirements are creating the need for organizations to externalize authorization from individual applications into services consumable by applications, configured via policy and enforced for compliance.
This move positions Identity and Access Management (IAM) to become an integral part of the application landscape. IAM solutions will need to adapt as dynamically as the business processes that dictate them.
Many organizations are solving the initial requirements around IAM, fulfilling their access request processes by automating security administration processes through user provisioning and role management products. However, getting users to the front door of the application without granular controls in place to administer and enforce what they can do when they get there is not enough.
The next frontier for IAM is to reduce the complexity of the authorization infrastructure by putting in place a common taxonomy and programming framework for business functions across all applications and IT infrastructure components. The emerging requirements dictate that organizations be able to administer and enforce fine-grained authorization (or privileges) at every point within the application delivery environment. This is what Keystone, BiTKOO’s Authorization Management solution, is able to easily provide.
What all this represents is the evolution of IAM towards a model that is service-centric, policy-driven and contextual. This emerging space known as “Authorization Management” is what BiTKOO is helping to define by enabling an externalized authorization framework to realize the promises of IAM and SOA. With Keystone, organizations now have the ability to exchange any-grained authorization and contextual information across policy administration, decision and enforcement points. One can think about it as the “dial tone” or “engine” for security in an organization. It is an abstracted layer of security (web) services, able to deliver a full set of IAM services, unifying silos of authentication and authorization sources throughout the enterprise. Organizations can now fully leverage existing IAM technology investments because Keystone provides a plug-in architecture that interoperates with any third-party infrastructure component. Keystone works hand-in-hand with existing IAM infrastructures, and is able to consume authentication from any source.
Once an application is Keystone-enabled, changes to the authentication landscape do not require application modification. Keystone was built to be flexible in order to accommodate either per-application or enterprise-wide authorization management, depending on the business requirements of an organization. Keystone empowers organizations by providing a consistent authorization policy at a fraction of the expected time and cost, and provides the ability to report on any user action for consistent compliance management.