Internet2 Confluence has been upgrade to 7.19.20. Questions? Contact techsupport@internet2.edu.

Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

Lightning

...

Talk

...

at

...

CAMP

...

in

...

Philadelphia,

...

June

...

16,

...

2009

...

perMIT
...
in
...
5
...
minutes:
...

MIT
...
has
...
had
...
a
...
centralized
...
privilege
...
management
...
systems
...
for
...
about
...
a
...
dozen
...
years.
...

We're
...
in
...
the
...
process
...
of
...
rebranding
...
this
...
with
...
the
...
name
...
perMIT
...
and
...
we
...
are
...
making
...
this
...
a
...
open
...
source
...
product.
...
perMIT
...
is
...
the
...
next
...
generation
...
of
...
MIT
...
Roles.
...
http://mit.edu/permit
...
Technologies:
...
MySQL
...
database
...
SOAP
...
based
...
Web
...
Service
...
for
...
reading
...
and
...
writing

perMIT's
...
basic
...
building
...
blocks:
...
Categories,
...
which
...
typically
...
are
...
used
...
to
...
lump
...
all
...
of
...
the
...
relations
...
that
...
encompass
...
a
...
particular
...
application.
...
However,
...
categories
...
in
...
some
...
cases
...
lump
...
the
...
relations
...
that
...
span
...
more
...
than
...
one
...
application.
...
For
...
example,
...
privilege
...
management
...
in
...
the
...
financial
...
domain
...
may
...
span
...
the
...
ERP
...
and
...
the
...
Data
...
Warehouse,
...
and
...
a
...
forecasting
...
system.
...
ASPECs
...
are
...
within
...
a
...
Category.
...
ASPECs
...
==
...
Subject
...
+
...
Function
...
+
...
Qualifier
...
or
...
"Who"
...
+
...
"What"
...
+
...
"Where
...
or
...
when"
...
ASPECS
...
can
...
have
...
starting
...
and
...
ending
...
dates.
...
ASPECS
...
can
...
have
...
a
...
GRANTOR
...
flag
...
which
...
determines
...
if
...
the
...
SUBJECT
...
of
...
an
...
ASPEC
...
can
...
also
...
grant
...
this
...
ASPEC
...
to
...
others.
...

Qualifiers
...
are
...
defined
...
in
...
a
...
hierarchy.
...
This
...
has
...
two
...
benefits:
...
It
...
gives
...
us
...
an
...
inheritance
...
model
...
which
...
reduces
...
data
...
entry
...
when
...
defining
...
authorizations.
...
We
...
are
...
not
...
restricted
...
to
...
a
...
single
...
organizational
...
view
...
of
...
the
...
organizations.
...
Examples:
...
HR
...
org
...
structure
...
Financial
...
org
...
structure
...
Course
...
or
...
school
...
hierachy
...
Physical
...
location
...
...
...

Structured
...
Rules
...
evaluation
...
engine
...
provides
...
the
...
ability
...
to
...
take
...
data
...
from
...
any
...
system
...
of
...
record
...
and
...
create
...
ASPECS
...
populated
...
with
...
individual
...
SUBJECTS.
...
We
...
call
...
this
...
implied
...
authorizations.
...

Example:
...
Implied
...
Authorizations:
...
Housing
...
data
...
used
...
to
...
create
...
ASPECS
...
for
...
dorm
...
door
...
access
...
control.
...
Explicit
...
Authorizations:
...
House
...
masters
...
able
...
to
...
grant
...
additional
...
exceptions.
...

Example:
...
Implied
...
Authorizations:
...
Organizational
...
data
...
used
...
to
...
populate
...
ASPECS
...
that
...
are
...
queried
...
by
...
Library's
...
EzProxy
...
for
...
fined
...
grained
...
access
...
control
...
to
...
some
...
3rd
...
party
...
databases.
...
Explicit
...
Authorizations:
...
Librarians
...
and
...
some
...
DLC
...
AO's
...
able
...
to
...
grant
...
exceptions.
...
E.g.
...
for
...
visiting
...
faculty
...
member

perMIT does not yet manage all applications at MIT but it is used by many systems including:
SAP
Departmental Telephone Contacts
Environmental Health and Safety
Graduate Admissions
Undergraduate Admissions
Payroll
HR
Labor Distribution
Portal
VoIP
Touchstone Account Administration
Warehouse
Student Information Services
Libraries
MIT ID DB
Master Departmental Hierarchy