This project implemented a redundant, replicated system for providing authentication and fine-grained authorization to web applications and services. Its uptime has been 99.9999% for the last 12 years.
The authentication and authorization subsystem is based on the LDAP (Lightweight Directory Access Protocol) standard, which provides a lightweight database optimized for read access and distributed redundancy. The database allows the storage of user IDs, passwords, and the grouping of users into authorization groups with fine-grained entitlements.
The key functions of the system include:
1. Data security administrators can create users, groups, and fine-grained capabilities assigned at the group level.
2. Capabilities can be assigned to groups; these capabilities allow users to access application functionality.
3. Applications can interrogate the subsystem to determine which features to present to different users based on their role.
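
The group-level capability model in the list above, as an added example that is not the project's own code. The directory entries, the `capability` attribute, the DNs, and the feature map are constructed assumptions, and the in-memory dictionary stands in for a real LDAP server.

```python
# Constructed sample entries. The DNs and the "capability" attribute are
# assumptions for illustration, not the project's schema.
PEOPLE = "ou=people,dc=example,dc=org"
GROUPS = "ou=groups,dc=example,dc=org"
DIRECTORY = {
    f"uid=alice,{PEOPLE}": {"objectClass": ["inetOrgPerson"], "uid": ["alice"]},
    f"uid=bob,{PEOPLE}": {"objectClass": ["inetOrgPerson"], "uid": ["bob"]},
    f"cn=claims-approvers,{GROUPS}": {
        "objectClass": ["groupOfNames"],
        "member": [f"uid=alice,{PEOPLE}"],
        "capability": ["claims:view", "claims:approve"],
    },
    f"cn=claims-readers,{GROUPS}": {
        "objectClass": ["groupOfNames"],
        "member": [f"uid=alice,{PEOPLE}", f"uid=bob,{PEOPLE}"],
        "capability": ["claims:view"],
    },
}
# Constructed feature map: UI feature -> capability it requires.
FEATURES = {"View claims": "claims:view", "Approve claims": "claims:approve"}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot alter a filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def membership_filter(user_dn):
    """Search filter an application would send to list a user's groups."""
    return "(&(objectClass=groupOfNames)(member=%s))" % escape_filter_value(user_dn)


def capabilities_for(uid):
    """Union of capabilities over the user's groups; empty if uid is unknown."""
    dns = [dn for dn, e in DIRECTORY.items() if uid in e.get("uid", [])]
    if len(dns) != 1:  # unknown or ambiguous user: deny by default
        return frozenset()
    caps = set()
    for entry in DIRECTORY.values():
        if "groupOfNames" in entry["objectClass"] and dns[0] in entry.get("member", []):
            caps.update(entry.get("capability", []))
    return frozenset(caps)


def visible_features(uid, features=FEATURES):
    """Features the application should present to this user."""
    caps = capabilities_for(uid)
    return [name for name, required in features.items() if required in caps]
```
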