PowerSecurityTM
Functionalities
The solution comprises a set of modules,
each with a precise mission and a group
of specific functionalities.
Authentication
Services Module
User Administration
Handles the registration of users
that will be accessing applications,
their personal and contact data and
defines the authentication protocol.
It may be integrated with external
systems such as ActiveDirectory for
authentication or using a password
administration proprietary scheme.
Authorization
Services Module
Roles Based Administration
(RBAC)
Permissions are never assigned to
users directly but through a role
structure. Once such roles have been
defined, configuring a user only entails
assigning the appropriate roles, which
simplifies common operations such
as adding users or changing user functions.
Function Segregation (SSD)
When defining roles, the system indicates
if there is any incompatibility between
them, blocking a user from having
two incompatible roles. This ensures
that no user is ever able to perform
actions that may jeopardize company
operations.
Personalization
In some cases, the simple fact of owning
a permission is not enough for the user
to perform a certain operation.
In business circumstances, it is not
strange to have rules limiting situations
where users may use certain permissions,
i.e. limits used in overdraft money
orders approvals or limits in credit
amounts. In these cases, the personalization
scheme allows establishing what conditions
a user must fulfill to make use of the
permission.
Target Groups
Permits user segregation in dynamical
groups and through these, the access
to certain data in content publication
applications.
Auditing
Services Module
Event Auditing
Allows user operation data registration
in a centralized storage, that infers
his behavior within the system. This
storage may be used for accessing information
as for example when peak loads occur,
or what options turn out to be the most
used or attractive for different contact
groups.
Model Modifications Audit
Record is kept of all changes made
to the security model and this allows
determining when any given user’s
permissions were granted or revoked
and by whom.
Control by Opposition
It is possible to define that activating
a security change requires the participation
of two people. In this way, errors
or frauds are can be avoided and the
responsibility for uploaded data can
be shared by several areas.
Administration
Services Module
Administration by Application
All application security administration
is done for each application separately,
this makes it possible to assign security
responsibility for each application
to different user groups. Even PowerSecurityTM
secures itself as any other application
and may be completely administrated.
This feature eliminates the impact
of exponential increase in roles resulting
from the continuous adding of new
applications, which is a problem that
arises with traditional tools based
on RBAC mechanisms.
WEB Administration
System administration tools are integrated
in a single WEB interface that can
be accessed using any standard browser.
In addition, screens are configured
dynamically to show each administrator
only those actions for which he has
been granted authorization.
On-line Reports
As part of basic PowerSecurityTM
installation, multiple standard reports
are delivered, helping system administration
tasks.
Integration with External Systems
PowerSecurityTM
incorporates modern integration tools
that permit the connection to external
systems with no need of expensive
modifications.
User
Applications Services Module (Legacy
/ Satellites)
Access through Connectors
customer applications accesses the
functionalities provided by PowerSecurityTM,
through connectors that show them
as own. These connectors include a
clearly defined and intuitive API,
facilitating rapid adoption by developers.
Connectors are also in charge of communicating
with the PowerSecurityTM
server, using technologies from RMI
through WEB services, thus preventing
client applications from interacting
with the server.
Technologic Support Module
Multiplatform Development Support
Not all applications are developed
using the same technology; that’s
why PowerSecurityTM
provides tools that facilitate incorporating
security schemes into existing and
even future technologies.
“Offline” Development
In cases where application development
is outsourced, it becomes necessary
to have tools that permit dealers
to work without a PowerSecurityTM
server installed in their development
environment. For this, PowerSecurityTM
incorporates light tools that closely
simulate the behavior of a complete
server.
Multiplatform Support
Given that it has been developed using
J2EE technology and layer architecture,
a PowerSecurityTM
server runs in any environment where
an appropriate container exists, and
it uses any of the main data bases
available on the market. Its architecture
also assures availability and scalability
of all services offered by PowerSecurityTM.
Its management tools are 100% web-based,
which allows the entire system to
be administrated, operated and monitored
from a traditional Internet browser.
|
