[Date Prev][Date Next] [Chronological] [Thread] [Top]

Fortune 100 Company Extranet Security Model

To: openldap-general@OpenLDAP.org
Subject: Fortune 100 Company Extranet Security Model
From: "Phillip C. Rhodes" <phillip@rhoderunner.com>
Date: Mon, 14 Feb 2000 12:38:24 -0500

All,
I am a project lead for a large company's Extranet security model.
Currently, It is predominately Java servlets/JSP's which access
different databases (Oracle, DB2, etc)and MQ, etc.

Our security model is implemented in Oracle.  Home grown.  We are
rapidly growing, I envision thousands of users and  groups.  Right now,
we use a database table that links a database user or groups to a
resource.

For example, group "Customer A" will have access to records containing
their customer number.  We use this table to build sql queries, or to do

direct joints to filter records.  What we have is security down to the
database record level.

This approach has some drawbacks:
1)    Maintenance tools must be written to support the tables for
administration.  Password resets, password policies, group membership,
etc...
2)    Performance-
3)    Cumbersome to program in this model

I would be interested in what others may be doing in this arena. Would
LDAP help us provide record-level data security for diverse datasources
such as DB2 and Oracle?

Perhaps a hybrid of database and LDAP?  Put the LDAP database backend in

Oracle?

Just a few questions for now.

Thanks,
Phillip

Follow-Ups:
- Re: Fortune 100 Company Extranet Security Model
  - From: Giovanni Baruzzi <giovanni.baruzzi@allianz-leben.de>

Prev by Date: RE: XML Documents in LDAP
Next by Date: pop servers
Index(es):
- Chronological
- Thread