These organization requirements:
|
Affect these tasks:
|
- Who requires access to the resources?
- How much access do they require?
- Can you categorize users with similar access requirements into groups?
|
Configuring user directory connections
|
- Which resources require protection?
- Do different resources require different levels of protection?
|
Creating policy domains and realms
|
- How sensitive and valuable is the information?
- How much do you trust your users?
- Are your users local or remote?
- What type of security do your users expect?
- Will you lose customers if security does not match their expectations?
|
Creating authentication schemes using from authentication templates
|
- Are there security guidelines, regulations, or laws your organization is required to meet?
- Do different objects require fine-grained protection or personalization?
- What type of actions do you want to control?
|
Defining rules
|
- What type of security and controls do your users and customers expect?
- Do different groups of users require different views of the resource?
- What events should take place when a user is authenticated or authorized?
|
Defining responses
|
- How will you implement your requirements?
|
Defining policies
|