
Access Control Lists (ACL) Implementation Solutions

Challenge
Security is a concern for any system that may be storing sensitive information, such as identity data. Your security policy may define a requirement to implement Access Control Lists (ACLs) to control who has access to what data. While most LDAP repositories and relational database systems have support for this sort of functionality built-in, the prospect of managing these lists across a multitude of different repositories can quickly become a daunting task if your infrastructure has grown to include more than a couple of repositories.

Ensuring that rules are up to date on all systems, and that they are consistent with a single policy defining access for all systems, is tricky in a multi-server environment. Naturally, this problem is vastly exacerbated if you choose to use a middleware system that accesses multiple repositories and presents data from each of them in different ways.

Solution


Symlabs Virtual Directory Server and LDAP Proxy both include a powerful ACL plugin that is capable of providing extremely fine-grained control over the access that it grants to specific data within your backend repositories. This system allows you to define ACLs that control permissions right down to the specific attributes that you would like to prevent or allow a user to have access to.

There are a number of very important benefits to allowing a middleware component to handle the ACLs that you wish to implement for your data layer. The first, and perhaps the most obvious, is that you can centralise your security policy so that there is only one place to define the rules for all systems. Secondly, the policy applies in the same way to all of your backend data systems. This means that you do not have to work out how to implement an ACL for each different system that you are using, as an ACL for a database system will be implemented in an entirely different way to an ACL put into place for a specific LDAP server. Furthermore, the policy can be applied using information from different repositories. For instance, it is possible to create a policy that defines whether users authenticated on one LDAP server are able to access particular data stored on a completely separate LDAP server. This is perhaps the most powerful level of control that you can imagine with regard to creating a security policy across a variety of data systems.

The Symlabs ACL plugin provides an easy-to-configure and powerful method of gaining control over the security of various data components within your infrastructure, regardless of the complexity of the relationships between systems and identities.

About Symlabs
 
Symlabs is the performance leader for virtual directory and identity management solutions. Benchmarks show Symlabs Virtual Directory Server, LDAP Proxy and Federated Identity Suite are the fastest and most powerful products in the industry for managing and unifying identity data. Global giants like Sony, IBM, Vodafone, Nokia and the United Nations already depend on Symlabs to add flexibility, security, and reliability to their infrastructure. Symlabs also offers annual support, training and professional services to our clients to help them develop, integrate, and maintain solutions.