Authors:
Kareem S. Aggour
;
Barbara J. Vivier
and
Janet A. Barnett
Affiliation:
GE Global Research, One Research Circle, United States
Keyword(s):
distributed administration, delegate authority, LDAP, information management, community management, identity management, Single Sign On
Related
Ontology
Subjects/Areas/Topics:
Databases and Information Systems Integration
;
Enterprise Information Systems
;
Information Systems Analysis and Specification
;
Object-Oriented Database Systems
;
Software Engineering
;
Web Databases
Abstract:
The need to manage large information repositories in a secure, distributed environment increases with the growth of the Internet. To address this need, a system capable of managing the contents of an LDAP directory over the Web has been designed and developed. This system allows for the directory’s data to be divided into communities and supports the delegation of administrative authority over those communities to a distributed set of administrators. The communities may be subdivided recursively into subgroups, and rights over those subgroups also may be restricted. Thus, system administrators can dynamically delegate subsets of their permissions over a subset of their managed data, allowing for the flexible and effective control of permissions over the data within distributed organizations. The system solves the delegated administration problem for managing the contents of an LDAP directory in a distributed environment. Today, it supports the administration of over 20 production dir
ectories by well over 2000 distributed administrators.
(More)