The XACML and Fine-Grained Authorization Leader
Keystone for SharePoint 2010
As SharePoint moves from the tactical to become a strategic enterprise solution, organizations are demanding more security and control than SharePoint’s security model offers. With more and more confidential company information residing in SharePoint, access control becomes critical. On its own, SharePoint offers no support for enterprise entitlements that exist outside of Active Directory and lacks the ability to manage authorization across multiple sites. In addition, SharePoint does not provide an audit trail of access and authorization activities. Without the ability to report who has access to what, with no delegation of administration, and without enforcement of segregation of duties, in order for SharePoint to become an enterprise-ready solution, it needs help.
Common SharePoint Challenges
- Only allows for authentication and attributes against AD
- SSO is difficult to achieve
- Difficult to add/change auth sources
- Opening collaboration for outside users
- Authorization tends to be all or nothing
- No ability to manage authorization across sites
- No ability to build authorization on existing roles and policy
- No consistency enforcing security policy
- No active enforcement of who has access to what – “Information Barriers”
- No consistency in how security is administered
- No support for delegated administration
- No fine-grained administrative control
- No visibility into policy and permissions
- No audit trail of who gave who access
- No active SOD enforcement
- No ability to leverage IAM principles
- No snapshot in time to determine who had what access on a given date/time