SAS® Integration Technologies: Administrator's Guide (LDAP Version)
are discussed separately and in more detail in the following two topics, in practice they are examined at the
same time as you are defining your channels. You cannot define an information channel without first knowing
who needs to see the information and how that information should be restricted.

2. Identify initial subscriptions
When you plan an initial set of information channels, you must identify the users, groups, and applications
that are initially subscribed to those channels. The information to set up these subscriptions is taken from the
information you collected when you planned the channels. An understanding of your organization's need for a
publish and subscribe system must include not only what information needs to be published, but also who
needs to see that information.

However, you do not have to determine every piece of information that every individual needs to see. Rather,
the process of planning initial subscriptions focuses on wider distributions of information, such as identifying
the essential information that departments and groups of users need. How closely you follow this guideline
depends on your organization's needs: there might be a few critical users who need to receive specific
information, and there might be a need to subscribe a group of users to a tightly focused channel. In general,
however, the initial subscriptions that you plan cater to distributing essential information to the largest number
of users. Subscribers can set up subscriptions to tightly focused channels themselves as the need arises.

After you have determined the list of initial subscribers for each channel, you must determine how the
information is to be distributed to each user (whether by text e-mail, HTML e-mail, or through a queue) and
identify their address information. The address information is essential for setting up both subscriber entries
and the LDAP directory.

3. Analyze information security requirements
When you plan information channels you must also consider security for your publish and subscribe
implementation in order to ensure that the information that is published on each planned channel is uniformly
sensitive. For example, if you plan for a single channel to distribute accounting information throughout your
organization, you will encounter a security problem when the accounting department needs to publish
sensitive information (such as employee salaries). With only a single, unrestricted channel, you cannot publish
the information to a specific set of users. In your consultations with users, you must identify information
channels whose access needs to be controlled.
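
The uniform-sensitivity check described above can be run over a draft channel plan before any LDAP entries are created. The following is an added example, not code from the SAS guide or product; the plan layout, the sensitivity labels, the group names, and the audit_plan function are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed planning data (not from the SAS guide): each planned channel lists
# the items to be published with a sensitivity label, plus its initial subscribers.
PLAN = {
    "accounting": {
        "items": {"quarterly summary": "internal", "expense policy": "internal",
                  "employee salaries": "restricted"},
        "subscribers": {"all-staff", "accounting-dept", "hr-managers"},
    },
    "it-status": {
        "items": {"outage notices": "internal"},
        "subscribers": {"all-staff"},
    },
}
# Assumed mapping of subscriber groups to the labels they are allowed to read.
CLEARANCE = {
    "all-staff": {"internal"},
    "accounting-dept": {"internal", "restricted"},
    "hr-managers": {"internal", "restricted"},
}

def audit_plan(plan, clearance):
    """Return {channel: proposed split} for channels that mix sensitivity labels.

    Each proposed channel carries one label and only the subscribers cleared
    for it, which is the set an ACL on that channel would have to admit.
    """
    findings = {}
    for name, chan in plan.items():
        by_label = defaultdict(list)
        for item, label in chan["items"].items():
            by_label[label].append(item)
        if len(by_label) < 2:
            continue  # uniformly sensitive: one channel, one ACL decision
        findings[name] = {
            f"{name}-{label}": {
                "items": sorted(items),
                "subscribers": sorted(s for s in chan["subscribers"]
                                      if label in clearance.get(s, set())),
            }
            for label, items in by_label.items()
        }
    return findings

if __name__ == "__main__":
    for channel, split in audit_plan(PLAN, CLEARANCE).items():
        print(f"{channel}: mixed sensitivity, proposed split:")
        for new_name, detail in split.items():
            print(f"  {new_name}: {detail}")
```
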

Your plan must address both methods that Integration Technologies uses to implement security:
authentication and access control.

Authentication security involves the process of users connecting to the LDAP server. Because the LDAP
server contains all of the definitions for Integration Technologies objects (including subscribers, channels, and
servers), a user must be able to connect to the LDAP directory in order to make any changes to the LDAP
definitions. This level of security is controlled when users supply a distinguished name and corresponding
password when they connect to the directory.

Access control security controls the information channels that users have access to. Without any security,
users are able to subscribe to any information channel in your organization and access sensitive information.
To prevent this, you must create access control lists (ACLs) in the LDAP directory in order to specify what
definitions and attributes users have access to. To plan for implementing access control security, you must
consider what kinds of users access the directory and what kinds of information they should have access to.
As an example, the following are some possible user classes and questions you must consider for each one:
General subscriber
Administering the Publishing Framework (Publish and Subscribe Planning and Implementation Guide)