Enterprise Policy Management (EPM) is an access management model that lets you protect business applications without requiring an in-depth knowledge of SiteMinder-specific concepts and components.
EPM presents policy configuration in the context of securing an application. To protect an application, you only need to provide values for the configuration settings that have no defaults; modifying other settings is optional, which makes policy configuration more straightforward. You can adjust additional SiteMinder settings to define more fine-grained protection of an application, but this is not required.
For the administrator already familiar with SiteMinder, there is a relationship between the application-oriented concepts and the underlying SiteMinder components, which is reflected in the Administrative UI. The following table shows this relationship.
Application Dialogs and Group Boxes | Underlying SiteMinder Component |
---|---|
General settings | Defines the policy domain |
Components | Defines the realm |
Resource | Specifies the rule |
Application Roles | Replaces the function of user directory lookups |
EPM introduces the application role. An application role defines a set of users who have access to a resource or group of resources. The set of users is identified by a named or unnamed expression. Application roles let you define privileges for users requesting access to an application.
EPM offers the following benefits:
- The focus on applications relates closely to how most businesses view access management.
- The security enforcement model for EPM is no different from the one implemented by the more SiteMinder-centric model; however, the SiteMinder-specific components are hidden from configuration.
- Securing resources is simplified: you name the application, the application resources that need protecting, and the application roles that are permitted access. You are not required to examine or modify every aspect of a component to establish a security policy.
- A SiteMinder administrator can grant access to an application without expert knowledge of SiteMinder. This enables a senior security administrator to delegate access management responsibilities to other administrators.
Copyright © 2012 CA.
All rights reserved.