Limitations and Issues

Currently available security measures and technologies can control access to networks, systems, applications, and even to some application functions. This is fine as far as it goes, but it leaves a few unresolved issues, including:
1. Access vs. function: limiting access to functionality runs contrary to providing users with increased functionality, operations, and services.
2. Authorization vs. entitlement: once the user has access to a function, can he get all the data or just a subset? For example, if he requests vehicle information from the company's fleet, does he get all the vehicles or only those of his department, or of his location? Does he get all the information on these vehicles, or only the technical data but not the financial?
3. Profiles vs. 24/7: often (e.g. in J2EE) security profile definition is a deployment task, so adding or changing profiles usually implies redeployment, which is not always trivial, especially in 24/7 transactional mission-critical environments.
4. Security vs. application: passing the user profile to the application, for the application to decide what action to take and what to return, implies that the application's business logic is closely dependent on the security configuration; when the security configuration changes, so does the application, which also requires re-testing and redeployment, usually a very expensive proposition, especially in 24/7 mission-critical distributed portal environments.
5. Security vs. process: the load of security checking sits in the application's business logic layer, on (expensive) business application servers, whereas security should be a separate process or processes, typically on dedicated servers, independent of the business logic yet fully supporting it.
6. Security vs. transform: data transformation is essential for data exchange but is usually separated from security, while transformation, exchange, and security are really parts of the same process.
7. Profiles and resources vs. granularity: current profile and data access controls have limited granularity, which can become a major constraint for virtual profiles and collaboration portal applications, where richer structures require finer (unlimited) granularity of control.
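The following is an added example, not part of the original text, illustrating issues 2 and 4 above with the fleet scenario: the business function that lists vehicles knows nothing about the caller, and a separate entitlement layer decides which rows (department, location) and which columns (technical vs. financial fields) the caller may see. The policy is a runtime data table rather than compiled-in logic, so an entitlement change is a configuration change and does not touch or redeploy the application code. All role names, field names and vehicle records are constructed for illustration.

```python
"""Entitlement filtering kept outside the business logic (added example).

Row scope (department, site) and column scope (technical vs. financial
fields) are decided by a policy table loaded at runtime, not by the
function that produces the data. All names and records below are
constructed sample values, not from any real system.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample data: what the application would return unfiltered
# if entitlement were not enforced anywhere.
FLEET: List[Dict] = [
    {"id": "V1", "dept": "sales", "site": "paris", "mileage": 12000, "lease_cost": 410},
    {"id": "V2", "dept": "sales", "site": "lyon", "mileage": 8000, "lease_cost": 390},
    {"id": "V3", "dept": "ops", "site": "paris", "mileage": 30000, "lease_cost": 520},
]

TECHNICAL_FIELDS: Set[str] = {"id", "dept", "site", "mileage"}
FINANCIAL_FIELDS: Set[str] = {"lease_cost"}


@dataclass
class Entitlement:
    """Row and column scope for one role (constructed). In a deployment this
    would come from a policy store or config file, not from source code."""
    depts: Optional[Set[str]] = None   # None means every department
    sites: Optional[Set[str]] = None   # None means every site
    fields: Set[str] = field(default_factory=lambda: set(TECHNICAL_FIELDS))


# Runtime policy table keyed by role; editing it is a configuration change,
# the business logic below never reads it directly.
POLICY: Dict[str, Entitlement] = {
    "fleet_manager": Entitlement(fields=TECHNICAL_FIELDS | FINANCIAL_FIELDS),
    "sales_paris": Entitlement(depts={"sales"}, sites={"paris"}),
    "ops_any_site": Entitlement(depts={"ops"}),
}


def list_vehicles(fleet: List[Dict] = FLEET) -> List[Dict]:
    """Business logic: returns the fleet and knows nothing about who asks."""
    return [dict(v) for v in fleet]  # copies, so filtering never mutates FLEET


def apply_entitlement(rows: List[Dict], ent: Entitlement) -> List[Dict]:
    """Security layer: row filter (dept/site) followed by column projection."""
    out: List[Dict] = []
    for row in rows:
        if ent.depts is not None and row["dept"] not in ent.depts:
            continue
        if ent.sites is not None and row["site"] not in ent.sites:
            continue
        out.append({k: v for k, v in row.items() if k in ent.fields})
    return out


def fleet_for_role(role: str, fleet: List[Dict] = FLEET) -> List[Dict]:
    """Entry point the portal would call. Deny by default: an unknown role
    gets no rows rather than the unfiltered fleet."""
    ent = POLICY.get(role)
    if ent is None:
        return []
    return apply_entitlement(list_vehicles(fleet), ent)


if __name__ == "__main__":
    for r in ("fleet_manager", "sales_paris", "ops_any_site", "intern"):
        print(r, fleet_for_role(r))
```

Because `list_vehicles` never sees the role, a change to `POLICY` (adding a site, withdrawing financial visibility) alters what a caller receives without re-testing or redeploying the business function, which is the separation issues 4 and 5 above ask for; the deny-by-default branch in `fleet_for_role` is the check that keeps a missing or misspelled role from silently widening access.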