Fine-Grained Entitlement Management
The Challenge
Entitlement management, or fine-grained authorization management, enables organizations to define granular access controls for their users based on the attributes of the user, the resource, and the context of the access request.
Traditionally, this control has been hard coded into the application logic. This resulted in many problems:
- Developers wasted time coding security into their applications.
- Many developers lacked the tools, time and expertise to properly implement authorization security.
- Entitlements were difficult to manage in an effective and consistent manner across the enterprise.
- Central visibility of entitlements for audit purposes was lacking.
- Entitlement management was difficult to scale as organizations grew and business requirements became more complex.
BiTKOO Approach
BiTKOO provides all the tools necessary for granting, revoking, managing and reviewing user entitlements. It uses XACML, a standard that defines both an authorization policy language and a reference architecture, to externalize fine-grained entitlement management from the individual applications and unify it behind a central platform. BiTKOO provides coverage for more applications than any other vendor, including SharePoint, database applications, applications written in Java and .NET, and even applications in the cloud.
The BiTKOO entitlement management architecture consists of a comprehensive set of modules based on the XACML standards. Real-time access control decisions are made at a central Policy Decision Point (PDP) based on the security policies that grant or deny access for a particular user. In addition, the PDP may query a Policy Information Point (PIP) to retrieve further attributes it needs in order to make the appropriate access decision. The PIP is usually a user directory such as Active Directory or another LDAP directory that holds attributes about the user. The resulting access decision is communicated to a Policy Enforcement Point (PEP). PEPs are plug-ins for the applications that enforce the entitlement policies. Policies are created and managed via a Policy Administration Point (PAP).
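The PEP, PDP, PIP and PAP roles just described, as a small added Python illustration (not BiTKOO's code and not XACML's XML schema); the directory contents, attribute names and rules are constructed for this example:

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Attrs = Dict[str, object]

# PIP: stand-in for the user directory (AD/LDAP) the PDP queries for attributes.
# Constructed sample data, not a real directory.
DIRECTORY: Dict[str, Attrs] = {
    "alice": {"department": "finance", "clearance": 3},
    "bob": {"department": "sales", "clearance": 1},
}

def pip_lookup(subject_id: str) -> Attrs:
    # Unknown subjects get no attributes, so attribute-based rules never match.
    return DIRECTORY.get(subject_id, {})

@dataclass
class Rule:
    description: str
    effect: str  # "Permit" or "Deny"
    condition: Callable[[Attrs, Attrs, str, Attrs], bool]  # (subject, resource, action, env)

# PAP output: the policy set the PDP evaluates. Hypothetical rules.
POLICY: List[Rule] = [
    Rule("finance staff may read ledgers", "Permit",
         lambda s, r, a, e: s.get("department") == "finance"
         and r.get("type") == "ledger" and a == "read"),
    Rule("ledger writes need clearance 3+ during business hours", "Permit",
         lambda s, r, a, e: r.get("type") == "ledger" and a == "write"
         and s.get("clearance", 0) >= 3 and bool(e.get("business_hours"))),
    Rule("ledgers under audit hold are frozen for everyone", "Deny",
         lambda s, r, a, e: r.get("audit_hold") is True),
]

def pdp_decide(subject: Attrs, resource: Attrs, action: str, env: Attrs) -> str:
    """PDP with deny-overrides combining: any matching Deny wins over any Permit."""
    # Directory attributes override anything the caller asserted about itself,
    # so a PEP cannot claim a department or clearance the directory does not hold.
    enriched = {**subject, **pip_lookup(str(subject.get("id", "")))}
    effects = [r.effect for r in POLICY if r.condition(enriched, resource, action, env)]
    if "Deny" in effects:
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"  # no rule matched

def pep_enforce(subject: Attrs, resource: Attrs, action: str, env: Attrs) -> bool:
    """PEP: fail closed. Only an explicit Permit grants access; anything else blocks."""
    return pdp_decide(subject, resource, action, env) == "Permit"
```

The PEP treats NotApplicable the same as Deny, which is the default a real PEP should keep so that a missing or misconfigured policy blocks access rather than opening it.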
Key Benefits
- Save Time and Reduce Costs
  - Developers no longer need to waste time coding authorization security into their applications.
  - Redundant security policies do not need to be rewritten for every application.
  - BiTKOO products integrate with any complementary IAM technology, support all common application platforms and can be implemented in a variety of flexible delivery models, including delivery from the cloud.
- Strengthen Security and Assure Compliance
  - Enterprise-wide entitlements across all applications, platforms and directories can be managed and reported on from a central location.
  - Segregation of duties (SOD) is enforced by ensuring that a user's entitlement on one system is not in conflict with the same user's entitlement on another system.
  - Fine-grained authorization policies can be deployed immediately and consistently across all applications enterprise-wide.
- Enhance Business Agility
  - Security policies can be created, implemented, modified and removed without having to make any code changes in the applications. This allows security administrators to react quickly to changes in business requirements.
  - The BiTKOO architecture has been designed to ensure high availability, high performance, and no single point of failure.