Newbie: Need some pointers; architecture/APIs for protecting application owned resources
From: Neil Kolban (kolban_at_kolban.com)
Date: 10/04/03
- Previous message: Christopher Kish: "AZMan audits with XML data store"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 3 Oct 2003 18:42:10 -0500
Folks,
I am part of a product development team. This product runs on Windows 2000,
XP and 2003. The product owns resources, for the sake of discussion, lets
call these things "Widgets".
My customer has many, many Windows 2000 and 2003 servers and workstations
and has implemented the Microsoft security models. What he would like to do
now is to provide authorization to access certain widgets through the
Microsoft security models already in place.
As an example, let us assume that there are "capabilities" that I can have
with Widgets ...
say:
o Read
o Write
o Inquire
o Create/Delete
And lets say that we have a user called "bob" signed on at a particular
workstation running the product.
What would the high level architecture or steps look like to utilize the
Windows security model to "ask" the Windows environment the question "can
'bob' read this 'widget'?"
Currently our security model is not integrated into the windows model ...
Ideally I would like to be able to somehow "tell" Windows that my named
'widgets' are protectable resources and have Windows manage my ACL
(Authorization lists) and then my product simply asks Windows "can this
user, who is a member of these groups access this resource?"
Again, I am new to Windows Security and hope that I can get some pointers on
where to start to satisfy this requirement.
Neil
- Previous message: Christopher Kish: "AZMan audits with XML data store"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
