|
By providing a comprehensive solution to common security objectives, the NCICB Common Security Module (CSM) helps eliminate the need for development teams to create their own security methodology. The CSM provides application developers with powerful security tools in a flexible delivery. It is flexible enough to allow application developers to integrate security with minimal coding effort.
CSM provides solutions for:
- Authentication - Validating and verifying a user’s credentials to allow access to an application. CSM, working with credential providers (Lightweight Directory Access Protocol (LDAP), Relational Database Management Systems (RDBMS), etc.), confirms that a user exists and the password is valid for that application.
- Authorization - Granting access to data, methods, and objects. CSM incorporates an Authorization schema and database so that users can only perform the operations or access the data to which they have access rights.
- User Provisioning - Creating or modifying users and their associated access rights to your application and its data. CSM provides a web-based UPT that can easily be integrated with a single or multiple applications and authorization databases. The UPT provides functionality to create authorization data elements like Roles, Privileges, Protection Elements, Users, etc., and also provides functionality to associate them with each other. The runtime API can then use this authorization data to authorize user actions. The UPT consists of following two modes:
- Super Admin – accessed by the UPT’s overall administrator; used to register an application and assign administrators.
- Admin – used by application administrators to modify authorization data, such as roles, privileges, users, etc.
- CSM GAARDS Migration Module – The CGMM was chartered to provide a solution to migrate existing web applications from CSM based authentication to use GAARDS based authentication. CGMM allows avoiding duplication of accounts, single set of credentials that can be used for multiple applications, ease of use and provisioning of new Users with Grid Identities. CGMM comes with configurable caGrid Identity providers for authentication and leverages configured caGrid Authentication services and Dorian services.
- Instance Level Security for Groups – CSM now supports ability for users to perform instance level filtering of data for User or Groups. The User Provision Tool (UPT) allows administrators to provision security filters for instances of domain classes and the API filters the results of the queries based on the access policy. The filtering of data is done at the database level with minimum overheads.
- Attribute Level Security Enhancements - CSM now supports attribute level filtering of data based on user or group based permissions. The Common Logging Module has also been integrated with attribute level security. The introduction of Strict or Lenient behavior has enabled caCORE SDK to leverage attribute level security features fully in the SDK’s Writeable APIs.
- Several API Enhancements – CSM API have been improved with added methods for checking permissions, improved exception handling, domain classes improvements, added provisioning methods to avoid database deadlocks in multi-threaded environment.
- Performance Enhancements - The CSM APIs has been improved by optimizing the SQL queries, domain object improvements and additional methods to enhance performance for many integrating applications.
- UPT Usability Enhancements - CSM UPT has been enhanced with the improved Instance Level Security provisioning, improved browser compatibility and User unlock feature. The Instance level screen now allows JAR’s containing hibernate annotated domain classes.
- Increased CSM Integration with caCORE SDK - All the new security features have been integrated into caCORE SDK to provide robust security solution for caCORE SDK based systems. caCORE SDK now leverages CSM features such as Attribute Level Security for Groups, CLM integration with SDK, CLM integration with Attribute Level Security and Strict vs. Lenient Behavior of Attribute Level Security to enable Writeable APIS and Multiple Interceptor injection at runtime for increased functionality.
NCICB provides access to the CSM at our public Download Center. The distribution contains the major components of the CSM (authentication, authorization and User Provisioning), CSM GAARDS Migration Module, Developers Guide and Release Notes. Also the CSM features integrated in caCORE SDK can be downloaded from caCORE SDK Download website. The only required software tool not supplied is a Java Development Kit (JDK). We recommend Java 2, version 1.5.0 or higher, which can be obtained here .
The CSM (including its source code) is distributed under an open-source license .
NCICB maintains the following mailing lists as discussion forums with caCORE users and developers:
- Users' Discussion Forum , for users of the CSM API and CSM User Provisioning Tool, CSM GAARDS Migration Module, CLM API and CLM Log Locator Tool.
NCICB encourages you to submit questions and bug reports via NCICB Application Support .
- CSM Guide for Application Developers contains detailed instructions on the use of the CSM. The CSM Guide for Application Developers includes:
- CSM API User Guide: contains detailed instructions on the use of Authentication and Authorization using CSM.
- Instance and Attribute Level Security: contains details instructions on how it works and instructions about using it.
- CSM UPT User Guide: contains detailed instructions on the use of the User Provisioning Tool of CSM.
- Web Services Guide For Application Developers: contains detailed instructions on how to deploy and use the CSM Web Services.
- Other details.
- CSM 4.1 Java Docs contains the current CSM API specification.
- CSM 4.1 Release Notes contain a description of bugs fixed since the previous release, new features, and known issues in the present release.
- CGMM Technical Guide contains detailed instructions on the use of CGMM. The Guide includes
- CGMM Overview: contains details on the need, business requirements, overall architecture and components involved with use of CGMM.
- CGMM API User Guide: contains detailed instructions on integrating CGMM API with existing host applications.
- CGMM Tool User Guide: contains details instructions on the scenarios covered by the CGMM Tool web application.
- Installation and Deployment of CGMM: provides detailed instructions, steps and checklist along with sample reference implementation installation guide.
|