Internet X.509 Public Key Infrastructure Operational Protocols -- LDAPv3

This document describes the features of the Lightweight Directory Access Protocol v3 that are needed in order to support a public key infrastructure based on X.509 certificates and CRLs

Synchronization of Directory Services with the Event Propagation Framework

This case study introduces the most relevant directory service standard LDAP and the approach how to synchronize these directory services using the Event Propagation Framework (EPF) of iC Consult to establish a cooperate directory service as it is done at Daimler Chrysler

Developing focused auditing tools: A practical framework for creating formalized multi-level security policy specifications

The purpose of this study is that formalized policy specifications and focused penetration testing are needed to effectively audit any information system. Designing and maintaining the security system information is the primary duty of the cyber security professional. In today\u27s world, nearly all government agencies manage some form of financial, defense, national security, and/or privacy information security policies. It is also necessary in this environment that agencies are accountable for auditing the security systems that protect this information

Support of Multiple Replica Types in FreeIPA

Velmi rozšířeným prostředkem pro správu uživatelských účtů a řízení přístupu k výpočetní infrastruktuře a službám je kombinace protokolů LDAP a Kerberos. Instalace jakož i samotná správa sítě postavené nad těmito technologiemi však skýtá mnoho překážek. Jedním z řešení je použití open-sourcové aplikace FreeIPA, která patří mezi takzvané řešení pro správu identit a bezpečnostních politik. FreeIPA výrazně usnadňuje práci s těmito protokoly od samotného nasazení až po správu celého systému. Cílem této práce je rozšíření aplikace FreeIPA o možnost použití read-only replik, které přispěje k snadnější a účinnější škálovatelnosti.LDAP and Kerberos together are widely used for management of user accounts and authorization. The installation and administration of a system based on these protocols might be difficult and full of obstacles. An open source solution exists that is capable of handling the entire life cycle of such system. It is the FreeIPA identity management system. FreeIPA significantly simplify the usage of LDAP and Kerberos from the administrator's point of view. This thesis focuses on extending the replication capabilities of FreeIPA by adding a support for read-only replicas. The read-only replicas should improve scalability features of FreeIPA controlled systems.

MetaComm: a meta-directory for telecommunications

Journal ArticleA great deal of corporate data is buried in network devices - such as PBX messaging/email platforms, and data networking equipment - where it is difficult to access and modify. Typically, the data is only available to the device itself for its internal purposes and it must be administered using either a proprietary interface or a standard protocol against a proprietary schema. This leads to many problems, most notably: the need for data replication and difficult interoperation with other devices and applications. MetaComm addresses these problems by providing a framework to integrate data from multiple devices into a metadirectory. The system allows user information to be modified through a directory using the LDAP protocol as well as directly through two legacy devices: a Definity ® PBX and a voice messaging system. In order to prevent data inconsistencies, updates to any system must be reflected appropriately in all systems. This paper describes how MetaComm maintains consistency when data integration is performed across several systems with no triggers and with extremely weak typing and transactional support. We also discuss implementation details and experiences

User Provisioning Processes in Identity Management addressing SAP Campus Management

This document is the report of the work of an ISWA working team on a WUSKAR case study. This study tackles on the desire of meta directory synchronisation with a proprietary SAP R/3 system in the context of an identity management system. Early tasks concern identifying exact desires and scenarios, modelling the synchronisation process, identifying what relevant data is to be processed, as well as proposing templates for the matching and transformation process. Intermediate tasks are related to the technical aspects of the case study, as well as problem task division and progress management, regular review of strategic and technical choices

Self-adaptive Grid Resource Monitoring and discovery

The Grid provides a novel platform where the scientific and engineering communities can share data and computation across multiple administrative domains. There are several key services that must be offered by Grid middleware; one of them being the Grid Information Service( GIS). A GIS is a Grid middleware component which maintains information about hardware, software, services and people participating in a virtual organisation( VO). There is an inherent need in these systems for the delivery of reliable performance. This thesis describes a number of approaches which detail the development and application of a suite of benchmarks for the prediction of the process of resource discovery and monitoring on the Grid. A series of experimental studies of the characterisation of performance using benchmarking, are carried out. Several novel predictive algorithms are presented and evaluated in terms of their predictive error. Furthermore, predictive methods are developed which describe the behaviour of MDS2 for a variable number of user requests. The MDS is also extended to include job information from a local scheduler; this information is queried using requests of greatly varying complexity. The response of the MDS to these queries is then assessed in terms of several performance metrics. The benchmarking of the dynamic nature of information within MDS3 which is based on the Open Grid Services Architecture (OGSA), and also the successor to MDS2, is also carried out. The performance of both the pull and push query mechanisms is analysed. GridAdapt (Self-adaptive Grid Resource Monitoring) is a new system that is proposed, built upon the Globus MDS3 benchmarking. It offers self-adaptation, autonomy and admission control at the Index Service, whilst ensuring that the MIDS is not overloaded and can meet its quality-of-service,f or example,i n terms of its average response time for servicing synchronous queries and the total number of queries returned per unit time