Application Security - PowerPoint PPT Presentation

Slides: 21
Provided by: uh
Transcript and Presenter's Notes

Title: Application Security


1
Application Security
  • Same powerful page (menu) and row level security
    from past releases

2
Physical security
  • SSL between web server and browser
  • SSL between app server/ web server for BI and
    App. Msg.
  • Tuxedo link level encryption between web server
    and application server
  • 4 tier architecture
  • expose business functionality outside firewall
  • Keep valuable app server data behind firewall

3
Physical Architecture

4
PeopleTools 8.1 Authentication
  • Native support for two authentication methods
  • PeopleSoft passwords in PSOPRDEFN
  • LDAP password - via User Profile Component
    Interface Sign-on PeopleCode
  • Sign-on PeopleCode to support other methods
    (make it flexible)
  • NT domain / unix
  • Kerberos, X.509 certs etc.
  • Partners helping in this are (Entrust, Verisign,
    Novell, etc)

5
PeopleTools 8.1 -- New Terminology
  • PS 7.5 -> PS 8
  • Operator -> User
  • Operator Definition -> User Profile
  • Operator Class (Menus) -> Permission List
  • Operator ID -> User ID
  • (Record still PSOPRDEFN)
  • (Field still OPRID)

6
PeopleSoft Password Controls
  • Extended Password Management
  • Maintain Security -> Setup -> Password Controls
  • Password Age.
  • Minimum Length.
  • All implemented in PeopleCode
  • Character Requirements.
  • Allow Password to match User ID?
  • Account Lockout

7
Sign-on PeopleCode
  • Runs once for each sign in
  • Primarily intended to
  • Extend authentication logic
  • synchronize User Profile from external data
    source (LDAP)
  • can also be used to declare globals -- full
    PeopleCode language support

8
No More Security Administrator
  • All security maintained in Maintain Security
    -- make it centralized
  • Logically Centralized
  • Security Objects -- upgrade copy / compare
    support
  • Application messaging where appropriate

9
Security Objects
  • Stuff to secure
  • (Pages, Data Rows, Processes, Queries, Sign-on
    times etc)
  • Permission Lists
  • Roles
  • Users

10
PeopleTools 7.0 - 7.5x

11
PeopleTools 8.1

12
Tools in Tools
  • Internet page-based security administration
    (written in and deployed through the PeopleSoft
    Internet Architecture)
  • Open -- No black box
  • Extensible to meet your decentralized security
    administration requirements

13
Roles
  • Intermediate object between users and Permission
    Lists
  • Permission Lists are assigned to a Role
  • Roles are assigned to a User
  • Unifies workflow and permissions
  • Roles can be dynamically assigned
  • Synchronizing roles-user assignment between
    databases using Application Messaging
  • Upgrade support

14
User Profiles
  • Synchronizing User profiles between databases
    using Application Messaging
  • Not really needed with LDAP integration
  • Extending User profiles
  • User profile API
  • My Profile Page

15
Enterprise Directory
  • LDAP V3 server
  • Authority on who can log in (USERID) and what
    they can do (Role)

16
PeopleSoft Security and LDAP
  • Configure PeopleSoft to grab User Profiles and
    Role-User relationship from LDAP
  • Row of data still inserted into PSOPRDEFN
  • App Server (Sign-on PeopleCode) manages the
    synchronization
  • Any LDAP V3 server
  • Novell NDS
  • Microsoft Active Directory
  • Netscape (Sun iPlanet)

17
Dynamic Roles
  • Dynamically assign users to Roles using a Rule
    -(PeopleCode Function or LDAP)
  • Eliminating static assignment decreases
    administration costs
  • Schedule Rule execution based on your environment
  • LDAP containers and groups can drive your
    PeopleSoft security

18
PeopleSoft Single Sign on
  • Single sign on page for all PeopleSoft
    applications
  • User still chooses database (by clicking a link)
  • Key to Portal UI in PeopleTools 8.1
  • Technology
  • Encrypted, Digitally signed
  • Expiration time, in memory only
  • List of trusted Nodes
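
The token checks this slide lists (signature, expiration time, list of trusted nodes), modelled as an added Python example that is not PeopleSoft code and does not reproduce its token format. HMAC-SHA256 with a per-node shared key stands in for the digital signature, encryption is left out, and the node names, keys and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed sample data: node names and keys are hypothetical.
NODE_KEYS = {"HRMS": b"hr-demo-key", "FIN": b"fin-demo-key", "TEST": b"test-demo-key"}
TRUSTED_NODES = {"HRMS", "FIN"}   # TEST has a key but is not trusted for sign-on


def _sign(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def issue_token(user_id: str, node: str, now: float, lifetime_s: int = 3600) -> str:
    """The issuing node signs the user ID, its own name and the expiry time."""
    body = json.dumps({"user": user_id, "node": node, "exp": now + lifetime_s},
                      sort_keys=True).encode()
    sig = _sign(NODE_KEYS[node], body).decode()
    return base64.urlsafe_b64encode(body).decode() + "." + sig


def verify_token(token: str, now: float) -> str:
    """Return the user ID, or raise ValueError naming the check that failed."""
    try:
        encoded, signature = token.split(".")
        body = base64.urlsafe_b64decode(encoded)
        claims = json.loads(body)
        node, user = str(claims["node"]), str(claims["user"])
        exp = float(claims["exp"])
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # 1. Trust list: a token from a node outside the list is never accepted,
    #    even if that node's key is known and the signature would verify.
    if node not in TRUSTED_NODES or node not in NODE_KEYS:
        raise ValueError("untrusted node")
    # 2. Signature over the exact bytes received, compared in constant time.
    if not hmac.compare_digest(_sign(NODE_KEYS[node], body), signature.encode()):
        raise ValueError("bad signature")
    # 3. Expiry is only meaningful once the claims are authenticated.
    if now >= exp:
        raise ValueError("expired")
    return user
```

The order of the checks matters: the expiry and user ID are read from the token itself, so they are acted on only after the signature over them has been verified.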

19
Delivered in PeopleTools 8.1
  • Novell NDS eDirectory
  • LDAP password authentication
  • Business Interlinks for LDAP calls
  • Component Interface
  • Sign-on PeopleCode
  • Sample Directory Authentication

20
PeopleTools 8.1 low-level changes
  • User ID Password length now 30
  • Passwords stored in DB as SHA1 hash
  • No More DB-level users
  • No more db connects for individual users
  • ValidateSignonWithDB still works
  • You can run PeopleTools without using DB public
    tables (PSOPRDEFN, PSACCESSPROFILE, PSSTATUS)