It would be awesome to make IWA and Web Authentication part of the standard install and configuration for EBI.
Very sensible proposal the only thing is that WEB autentication and IWA are often to be conencted to indentity systems out of the area of the SAS machines.
I would like to add to the proposal: strategies and approaches to solve that part.
That will be amazing, however I do not think it's a sensible approach since most IWA will be different from site to site. Configuring IWA would be more site specific and requires configuration more on the OS rather than with SAS.
For the high level approach this is sensible. as (top down):
Normal business strategies start with RBAC (Role Based Access Control), that is describing the necessary access to Information and tools/software everybody in the organization needs to have doing his job.
There are just 4 object-collections types involved: 1/ Accounts (personal/non-personal) 2/ Groups (they way to authorize) 3/ Business data/software (can be just storage location or complete processes) 4/ tools/middleware. The hardware and OS are not visible for the business at this level.
At the low level this does not make sense as all technical implementations are not very well to adjust to needed detail objects. RACF LDAP AD and more as DBMS systems are not that easy being defined from one central point (pull approach). Hower it is more easy to do synchronisation (push approach).
Sorry but Windows with AD has the most advanced integration on this. A domain with many servers and automatic propagation to all off them. Even at this environment when you are dealing with SQL-server you have additional objects not known in AD, The .Net environment was setup with an own dedicated security approach because lack of cooperation of AD.
As even MS failed in one standard approach for all, why would SAS capable in overruling that?
For SAS as it is build on a OS using other tools why would they ignore those requirements and try to overrule that?
At many place in SAS documentation is stated: implement your OS controls. When you are having additional requirements you can. ......And now what is happening is the other way around we start with you can. ... oh what about OS controls? What is an OS? (arghhhh)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.