[Architecture diagram: Web portal, ADAM (Store/retrieve Data), Sync, Authentication]
Authentication: Solution
[Architecture diagram: Web Client and Rich Client, Web portal, Server, ADAM (Store/retrieve Data), Sync, Authentication, Infrastructure: Active Directory]
Authorization: Authorization Manager (AzMan), recommended
[Diagram: Web portal, Server, ADAM, AzMan, Bob (User), Mary (Admin), Authentication, Infrastructure: Active Directory]
- Role-based authorization
- Query-based application groups keep business rules flexible
- Role policy is defined when the application is designed
Authorization: AzMan
- Windows Server 2003; Windows 2000 (requires download)
- Highly scalable role and policy store: AD / ADAM
- Policy definition script (VBScript):
    Set App = AzManStore.CreateApplication("AssetTracker")
    App.Submit                          ' persist each object before adding children to it
    Set Op = App.CreateOperation("ViewRpt")
    Op.OperationID = 1                  ' numeric ID that AccessCheck refers to at run time
    Op.Submit
    Set Task = App.CreateTask("View Report")
    Task.AddOperation CStr("ViewRpt")
    Task.Submit
Authorization: Implementation
    '------- at application boot
    AzManStore.Initialize 0, "msldap://Server:port/CN=MyStore,DC=…"
    Set App = AzManStore.OpenApplication("AssetTracker")
    '------- at client connect
    Set Context = App.InitializeClientContextFromName(UserName, DomainName)
    '------- on request
    ' First argument names the object for auditing; Scope = Array("") checks at
    ' application scope; Operations = Array(1) holds the OperationID of ViewRpt;
    ' Names/Values carry BizRule parameters and may be omitted
    Results = Context.AccessCheck("ViewRpt", Scope, Operations, Names, Values)
    ' Results(0) = 0 grants the operation; any other value denies it
    Roles = Context.GetRoles()
Meets the requirements:
- Consistent role mapping, reusable across multiple applications
- Role assignment is made by administrators; it is not hard-coded into the application
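The two slides above show the policy-definition and run-time halves of AzMan separately. The following PowerShell script is an added example, not code from the deck or from Microsoft, that runs both halves end to end for the AssetTracker application: it creates a store, defines the ViewRpt operation and View Report task, binds them to a role, assigns the current user to that role, and then performs the AccessCheck for a member and a non-member. It assumes a Windows host with the AzRoles COM library registered; the XML store path, OperationID 1, the role name "Report Reader", the audit object name "AssetReport" and the use of the Anonymous Logon SID as the denied caller are choices made for this example.

```powershell
# Added example (not from the deck): AzMan policy definition, role assignment and
# AccessCheck for the AssetTracker application from the slides.
# Assumptions: AzRoles COM library present; store path, OperationID, role name,
# audit object name and the denied SID are chosen for this example.
$AZ_AZSTORE_FLAG_CREATE       = 1   # create a new store at the given URL
$AZ_CLIENT_CONTEXT_SKIP_GROUP = 1   # evaluate the SID alone, no AD group lookup
$StorePath = Join-Path $env:TEMP 'AssetTrackerPolicy.xml'
if (Test-Path $StorePath) { Remove-Item $StorePath }

# --- policy definition: done once by the administrator, never by application code
$Store = New-Object -ComObject AzRoles.AzAuthorizationStore
$Store.Initialize($AZ_AZSTORE_FLAG_CREATE, "msxml://$StorePath")
$Store.Submit()

$App = $Store.CreateApplication('AssetTracker')
$App.Submit()

$Op = $App.CreateOperation('ViewRpt')
$Op.OperationID = 1                          # AccessCheck refers to operations by ID
$Op.Submit()

$Task = $App.CreateTask('View Report')
$Task.AddOperation('ViewRpt')
$Task.Submit()

$RoleDef = $App.CreateTask('Report Reader')  # a task flagged as a role definition
$RoleDef.IsRoleDefinition = $true
$RoleDef.AddTask('View Report')
$RoleDef.Submit()

# --- role assignment: membership lives in the store, so it changes without a rebuild
$Me   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$Role = $App.CreateRole('Report Reader')
$Role.AddTask('Report Reader')
$Role.AddMember($Me.User.Value)              # member given as a textual SID
$Role.Submit()

# --- run time: the application only asks "may this caller run operation 1?"
function Test-ViewReport([string]$Sid) {
    # The slide uses InitializeClientContextFromName; the SID form is used here so
    # the example does not depend on a domain lookup.
    $Ctx = $App.InitializeClientContextFromStringSid($Sid, $AZ_CLIENT_CONTEXT_SKIP_GROUP)
    $Results = $Ctx.AccessCheck('AssetReport', @(''), @(1))   # '' = application scope
    return ($Results[0] -eq 0)               # 0 = NO_ERROR (granted); 5 = ERROR_ACCESS_DENIED
}

Test-ViewReport $Me.User.Value               # current user holds Report Reader
Test-ViewReport 'S-1-5-7'                    # Anonymous Logon is assigned no role
```

An XML store is convenient for a demonstration, but its protection is only the file ACL; the msldap:// store in AD or ADAM used on the implementation slide gives administrators a directory ACL on the policy objects themselves, which is what keeps role assignment out of the hands of the application's own service account.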
Authorization: Solution
[Architecture diagram: Web Client and Rich Client, Web portal, Server, AzMan (AuthZ), App Data in ADAM, Sync, Authentication, Infrastructure: Active Directory]
Identity store: Active Directory
[Diagram: Client, Web portal, Server, LDAP, ADAM (App partition), Sync, AD Infrastructure: Active Directory]
- Active Directory holds enterprise-wide identity and configuration data
- ADAM holds application-scoped identity and configuration data
Identity store: Implementation
Managed code:
- System.DirectoryServices: higher-level interface, easy to use
- System.DirectoryServices.Protocols: lower-level LDAP access, suited to high-performance applications
- ADO.NET: partial functionality
Native code:
- Active Directory Service Interfaces (ADSI)
- LDAP Win32 API set for C and C++
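The slide lists System.DirectoryServices.Protocols as the low-level, high-performance option. The script below is an added example, not code from the deck, of using it from PowerShell to look up a user in the ADAM application partition over LDAPS, with the caller-supplied name escaped per RFC 4515 before it is spliced into the filter so that input such as "*)(objectClass=*" cannot widen the search. The host adam01.contoso.com, port 636, the partition DN, matching on cn and the attribute list are assumptions for this example.

```powershell
# Added example (not from the deck): query ADAM with System.DirectoryServices.Protocols.
# Assumptions: Windows PowerShell 5.1, ADAM reachable at adam01.contoso.com:636 with a
# trusted certificate, users stored under DC=contoso,DC=com with a cn attribute.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping for a value embedded in a search filter.
    param([Parameter(Mandatory)][string]$Value)
    # Backslash first, otherwise the escapes emitted below would be escaped again.
    $Value = $Value.Replace('\', '\5c')
    $Value = $Value.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    return $Value.Replace("`0", '\00')
}

function Find-AdamUser {
    param(
        [Parameter(Mandatory)][string]$Name,            # cn to look up (untrusted input)
        [string]$Server = 'adam01.contoso.com',         # assumed ADAM host
        [int]$Port = 636,                               # assumed LDAPS port
        [string]$BaseDn = 'DC=contoso,DC=com'           # application partition from the slides
    )
    # Only the escaped form ever reaches the filter string.
    $Filter = "(&(objectClass=user)(cn=$(ConvertTo-LdapFilterValue $Name)))"

    $Identifier = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
    $Conn = [System.DirectoryServices.Protocols.LdapConnection]::new($Identifier)
    $Conn.SessionOptions.ProtocolVersion = 3
    $Conn.SessionOptions.SecureSocketLayer = $true     # no credentials or results over plain LDAP
    # Negotiate binds with the caller's Windows identity, so no password sits in the script
    $Conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    try {
        $Conn.Bind()
        $Request = [System.DirectoryServices.Protocols.SearchRequest]::new(
            $BaseDn, $Filter,
            [System.DirectoryServices.Protocols.SearchScope]::Subtree,
            [string[]]@('displayName', 'mail'))
        $Response = [System.DirectoryServices.Protocols.SearchResponse]$Conn.SendRequest($Request)
        foreach ($Entry in $Response.Entries) {
            # Attributes absent on an entry are simply not in the collection
            $Attr = { param($a) if ($Entry.Attributes.Contains($a)) { $Entry.Attributes[$a].GetValues([string])[0] } }
            [pscustomobject]@{
                DistinguishedName = $Entry.DistinguishedName
                DisplayName       = & $Attr 'displayName'
                Mail              = & $Attr 'mail'
            }
        }
    } finally {
        $Conn.Dispose()
    }
}

Find-AdamUser -Name 'Bob'
```

ConvertTo-LdapFilterValue turns the wildcard and the parentheses into \2a, \28 and \29, so a name of "*)(objectClass=*" produces a filter that matches only a user literally called that, not every object in the partition. If ADAM runs with a self-signed certificate, import it into the Trusted Root store of the client rather than disabling validation with a VerifyServerCertificate callback; a callback that returns $true hands the LDAPS session to any interposer.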
Identity store: Solution
[Architecture diagram: Web Client and Rich Client, Web portal, Server, AzMan, App Data in ADAM (Store/Retrieve Data), Sync, Authentication, Infrastructure: Active Directory]
Lifecycle management: Solution
ADAMSync configuration:
    <configuration>
      <security-mode>object</security-mode>
      <source-ad-partition>DC=contoso,DC=com</source-ad-partition>
      <target-dn>dc=contoso,dc=com</target-dn>
      <query>
        <base-dn>dc=contoso,dc=com</base-dn>
        <object-filter>(samaccountname=xxxx)</object-filter>
        <attributes>
          <include></include>
          <exclude>reports</exclude>
        </attributes>
      </query>
    </configuration>
Meets the requirements:
- Synchronization between ADAM and AD
- Simple and easy to maintain
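The fragment on the slide is the query part of an ADAMSync configuration. The script below is an added example, not from the deck or from Microsoft, that writes a complete configuration file with the same structure, imports the ADAMSync metadata schema into the instance, installs the configuration and runs one synchronization. The instance port 50000, the CONTOSO\svc-adamsync read-only account, the Users OU, the person-only filter and the excluded attributes are assumptions; the element names follow the MS-AdamSyncConf.xml sample that ships with ADAM / AD LDS.

```powershell
# Added example (not from the deck): full ADAMSync configuration and run.
# Assumptions: ADAM/AD LDS instance on localhost:50000 whose schema already
# contains the userProxyFull class (MS-UserProxyFull.ldf), the account
# CONTOSO\svc-adamsync with read access to the source OU, and adamsync.exe
# and ldifde.exe on the path.
$Instance   = 'localhost:50000'
$ConfigPath = Join-Path $env:TEMP 'adamsync-contoso.xml'
$LogDir     = $env:TEMP

@'
<?xml version="1.0"?>
<doc>
  <configuration>
    <description>Sync CONTOSO users into the ADAM application partition</description>
    <security-mode>object</security-mode>
    <source-ad-name>contoso.com</source-ad-name>
    <source-ad-partition>dc=contoso,dc=com</source-ad-partition>
    <source-ad-account>svc-adamsync</source-ad-account>
    <account-domain>CONTOSO</account-domain>
    <target-dn>dc=contoso,dc=com</target-dn>
    <query>
      <base-dn>ou=Users,dc=contoso,dc=com</base-dn>
      <object-filter>(&amp;(objectClass=user)(objectCategory=person))</object-filter>
      <attributes>
        <include></include>
        <exclude>directReports</exclude>
        <exclude>manager</exclude>
      </attributes>
    </query>
    <user-proxy>
      <source-object-class>user</source-object-class>
      <target-object-class>userProxyFull</target-object-class>
    </user-proxy>
    <schedule>
      <aging>
        <frequency>0</frequency>
        <num-objects>0</num-objects>
      </aging>
      <schtasks-cmd></schtasks-cmd>
    </schedule>
  </configuration>
  <synchronizer-state>
    <dirsync-cookie></dirsync-cookie>
    <status></status>
    <authoritative-adam-instance></authoritative-adam-instance>
    <configuration-file-guid></configuration-file-guid>
    <last-sync-attempt-time></last-sync-attempt-time>
    <last-sync-success-time></last-sync-success-time>
    <last-sync-error-time></last-sync-error-time>
    <last-sync-error-string></last-sync-error-string>
    <consecutive-sync-failures></consecutive-sync-failures>
    <user-credentials></user-credentials>
    <runs-since-last-object-update></runs-since-last-object-update>
    <runs-since-last-full-sync></runs-since-last-full-sync>
  </synchronizer-state>
</doc>
'@ | Set-Content -Path $ConfigPath -Encoding UTF8

# One-time step: the instance needs the ADAMSync metadata classes in its schema.
# '#configurationNamingContext' is quoted so PowerShell does not treat it as a comment.
ldifde -i -f "$env:windir\ADAM\MS-AdamSyncMetadata.ldf" -s $Instance -c 'cn=Configuration,dc=X' '#configurationNamingContext'

# Bind the configuration to the target partition, then run one synchronization.
adamsync /install $Instance $ConfigPath /log (Join-Path $LogDir 'adamsync-install.log')
adamsync /sync    $Instance 'dc=contoso,dc=com' /log (Join-Path $LogDir 'adamsync-sync.log')

# Check: the instance should now list the installed configuration; read the
# sync log for the object counts and any per-object errors.
adamsync /list $Instance
```

Keep the source account limited to read access on the synchronized OU and keep the object filter as narrow as the application needs; everything the filter matches is copied into a second store with its own administrators, so the filter and the exclude list are the boundary of what leaks from AD into the application partition.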
Lifecycle management: Solution
[Architecture diagram: Web Client and Rich Client, Web portal, Server, AzMan, App Data in ADAM (Store/Retrieve Data), ADAMSync, Authentication, Infrastructure: Active Directory]
Application requirements
Access control:
- Authentication: Windows Integrated
- Authorization: Authorization Manager
Identity store:
- User credentials and profile data: AD and ADAM
- Lifecycle management of identity data: ADAMSync
Resources
- AD Portal: http://microsoft.com/ad
- ADAM portal: http://microsoft.com/adam
- MIIS Portal: http://microsoft.com/miis
- Identity Management Portal: http://www.microsoft.com/idm
- Solution Accelerator for Identity and Access Management: http://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/default.mspx
- Identity Management Solution Technologies: http://www.microsoft.com/windowsserversystem/overview/benefits/access/tech.mspx
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
- Slides: 33