Keystone is an engine that provides authorization services that bridge the gap between SharePoint’s own capabilities and the real-world demands of security-conscious enterprises. Keystone delivers fine-grained authorization for SharePoint through run-time calls to any number of authorization sources containing user attributes. This means that authorization for multiple (possibly hundreds or thousands) SharePoint instances can be based on existing authorization within Active Directory, enterprise applications, an identity and access management framework, or anywhere that authorization and entitlements have already been established and proven.
Keystone understands and leverages the established roles each individual user holds and, based on those roles and the permissions already attached to them, dynamically grants the appropriate level of access to SharePoint. Keystone-enabled SharePoint instances benefit from a stable, immutable, security-enabled lifecycle because enterprise-wide policy, identity management, and role management are all determined independently of SharePoint. The result is stronger, more easily managed, and more secure authorization that can be readily leveraged across the SharePoint environment.