Recently, the question came up on how to expose authentication and authorization as identity services inside of the Access Management Suite.
Two solutions:
OES - Web Services SM configured with OAM SSPI Connector
OAM - Access Management - ASDK - with custom web services wrapper
Both definitely good choices. A few quick thoughts on when each would be appropriate.
OES WS SM can be configured with the OAM SSPI connector to consume OAM sessions (ObSSO cookies), but it can also be configured to consume SAML assertions. In response to an assertIdentity call, it can be configured to return different types of tokens, including a SAML assertion. On the authorization front, OES does fine-grained authorization. The Web Services wrapping the Java API is what it is - works well, but is not integrated with any container. It also exposes a standard authorization service with XACML.
OAM with a custom web services wrapper works with ObSSO cookies and focuses on coarse-grained authorization, like what is typically required for URLs. The Web Services implementation, since it's built on top of the container, is integrated. Also, it's very simple to take a POJO and turn it into a fully functioning web service.
So, basically if you need to extend OAM to have a SOAP interface for authentication and coarse-grained authorization, wrapping the ASDK in a web-service seems like the way to go. If you need more of a heterogeneous implementation which is expected to integrate using standards like SAML and XACML and has fine-grained authorization requirements, then the OES WS SM solution makes the most sense.
Wednesday, May 27, 2009
Sunday, May 24, 2009
5 Solved examples on Decision Tree topic
Posted by adipati
Labels: A level, business studies, decision making tools, decision tree
Decision Trees are useful tools for helping you to choose between several courses of action.
They provide a highly effective structure within which you can explore options, and investigate the possible outcomes of choosing those options. They also help you to form a balanced picture of the risks and rewards associated with each possible course of action.
This makes them particularly useful for choosing between different strategies, projects or investment opportunities, particularly when your resources are limited. This topic is not covered in the IGCSE syllabus but is relevant to A Level Business Studies students.
Friday, May 22, 2009
Budgets and Variance Analysis revision notes
Posted by adipati
Labels: benefits, budget, budgeting, budgets, drawbacks, variance analysis
A budget is a document that translates plans into money - money that will need to be spent to get your planned activities done (expenditure) and money that will need to be generated to cover the costs of getting the work done (income). It is an estimate, or informed guess, about what you will need in monetary terms to do your work.
This process of financial planning is known as budgeting.
Click here to go to detailed revision notes on budgeting
These notes also cover the benefits and drawbacks of budgeting.
What is Variance analysis?
A variance is the difference between an actual result and an expected result. The process by which the total difference between standard and actual results is analysed is known as variance analysis. When actual results are better than the expected results, we have a favourable variance. If, on the other hand, actual results are worse than expected results, we have an adverse variance.
Click here to go to detailed revision notes on Variance analysis
WordSearch Quizzes on dineshbakshi.com
10 new quizzes have been uploaded to the Business Studies section of dineshbakshi.com. These are a new type of quiz, different from the earlier ones. A few terms are given in the right column and the students have to search for these words in a matrix of jumbled letters. The main idea is to familiarize the students with business studies terms. Teachers can use it in classrooms as an ice-breaking activity. By the end of each quiz students will be well acquainted with the terms. Students can also use it as a challenge to find the words in the minimum time. Whatever the use may be, the basic idea is "IT'S LEARNING THE FUN WAY".
So go ahead and enjoy!
Click here to go to the WordSearch Quiz Section
Wednesday, May 20, 2009
Using OES to Secure POJOs - Fact or Fiction?
In providing access control, there are two "main" functions - policy enforcement and policy evaluation.
The Policy Enforcement Point (PEP) intercepts the request and asks the Policy Decision Point (PDP) to evaluate the request. The PDP responds - yes/no - and then the PEP either lets the call continue or blocks the request. A good example of this whole model can be found in the XACML spec.
So, when looking at the question "Can OES be used to secure POJOs?" we need to look at both parts of the model - PEP and PDP.
On the PDP side, OES is sufficiently flexible to perform the task. The OES resource model allows for hierarchical names. This maps nicely to Java class names:
//resource/com/foo/Customer
Using this model, you could write policies to block access to packages or classes - sorta useful. But probably not the main case. What about methods? There are really two choices here. The first is mapping the method invocation to the action.
//priv/getBalance //resource/com/foo/Customer
The second is going with a generic action and putting the method name as the leaf node of the resource:
//priv/invoke //resource/com/foo/Customer/getBalance
The latter makes it easier to write policies for "all actions on an object".
Now, what about access control at the instance level? I want to write a policy that says that 'Joe can get the balance of the customer if the customer is in state="MA"'
grant (//priv/invoke, //resource/com/foo/Customer/getBalance, //user/foo/Joe) if state="MA"
Makes sense, but how does OES get the state of the customer object?
OES has the ability to pass information from the PEP to the PDP. This includes Java objects. Either the PEP could use Java reflection to pass the attributes, or the PEP could pass the instance (assuming it's serializable) and OES could use attribute retrievers to get the values from the instance.
In a previous post, I discussed customers' desire for PEPs (Policy Enforcement Points). So, how would you go about wiring this in?
It depends on what container, if any, you are using. With no container, you need to look at AOP to insert these calls pre-method. In Spring, you could do this with ACEGI + OES. If you are willing to make some small code changes, maybe look at securing the classes with custom Java Permissions.
In my experience, I haven't seen a need for securing all POJOs. If this is the case, then use Java Security and custom permissions. What I have seen is the need to secure a small number of very sensitive classes. In this case, look at what the container provides, or possibly modify the class to call OES explicitly.
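The PEP/PDP split and the instance-level policy above, as an added sketch that is not code from the original post and does not use any OES API: the Pdp interface and its in-memory rule are hypothetical stand-ins for the OES call, and the class and attribute names are constructed. It uses a JDK dynamic proxy as the PEP, which assumes the protected class implements an interface; a class without one would need AOP, as the post notes.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.HashMap;
import java.util.Map;

public class PojoPepExample {
    // Hypothetical PDP contract standing in for the OES call (not an OES API).
    interface Pdp { boolean isAllowed(String user, String action, String resource, Map<String, Object> attrs); }
    interface Customer { String getState(); double getBalance(); }

    static class CustomerImpl implements Customer {
        private final String state; private final double balance;
        CustomerImpl(String state, double balance) { this.state = state; this.balance = balance; }
        public String getState() { return state; }
        public double getBalance() { return balance; }
    }

    // The page's policy as a constructed in-memory rule; anything it does not grant is denied.
    static final Pdp PDP = (user, action, resource, attrs) ->
        "//user/foo/Joe".equals(user) && "//priv/invoke".equals(action)
            && "//resource/com/foo/Customer/getBalance".equals(resource) && "MA".equals(attrs.get("state"));

    // PEP: every call on the returned proxy is sent to the PDP before it reaches the target.
    static <T> T protect(T target, Class<T> type, String resourceBase, String user, Pdp pdp, String... attrNames) {
        InvocationHandler pep = (proxy, method, args) -> {
            String resource = resourceBase + "/" + method.getName();   // method name as leaf node
            Map<String, Object> attrs = new HashMap<>();
            for (String name : attrNames) {   // pass only the attributes the policy needs, read by reflection
                Method getter = type.getMethod("get" + Character.toUpperCase(name.charAt(0)) + name.substring(1));
                attrs.put(name, getter.invoke(target));
            }
            if (!pdp.isAllowed(user, "//priv/invoke", resource, attrs))
                throw new SecurityException("denied: " + user + " on " + resource);
            try { return method.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }   // surface the target's own exception
        };
        return type.cast(Proxy.newProxyInstance(type.getClassLoader(), new Class<?>[] { type }, pep));
    }

    public static void main(String[] unused) {
        String base = "//resource/com/foo/Customer", joe = "//user/foo/Joe";
        Customer inMa = protect(new CustomerImpl("MA", 120.0), Customer.class, base, joe, PDP, "state");
        Customer inNy = protect(new CustomerImpl("NY", 75.0), Customer.class, base, joe, PDP, "state");
        System.out.println("MA balance: " + inMa.getBalance());
        try { inNy.getBalance(); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

The PEP reads the state attribute from the target directly rather than through the proxy, so the attribute lookup itself is not subject to the policy; calling getState() on the proxy is denied because no rule grants it.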
Sunday, May 10, 2009
Case study on Merger
In January, Porsche announced it had increased its stake in Volkswagen to more than 50%, and said it planned to lift its stake in VW to 75%.
However, even with a 75% stake it would not have been able to take complete control because under the "VW law" the state of Lower Saxony, which holds a 20% stake, can block strategic decisions.
Stock markets had closed before the announcement, with Porsche shares up 1.2%, and VW's down slightly, by 0.4%. Now they have changed their mind, and carmaker Porsche recently agreed a merger with fellow German manufacturer Volkswagen (VW) after weeks of talks between the two firms' management.
Find out
* the difference between a merger and a takeover.
* Problems and benefits due to merger.
* Their effect on corporate cultures of the merging businesses. The synergies created because of mergers.
Watch a video on this story Click here
Attempt a case study on merger Click here
Wednesday, May 6, 2009
Case study - Human resource management
Posted by adipati
Labels: business studies, case studies, case study, motivation, worksheet, worksheets
A case study on Human resource management is available on dineshbakshi.com. This case study covers important aspects like piece rate and time rate methods of payment, motivation, and health and safety issues in an organisation.
Click here to go to the Case study
Another worksheet, a structured question, is available on the Motivation topic. This worksheet on motivation tests students on financial and non-financial methods of motivation and evaluates their effectiveness in a work environment.
Click here to go to the Worksheet