Keystone for SharePoint 2010 provides authorization services that bridge the gap between SharePoint’s own capabilities and the real-world demands of security-conscious enterprises. Keystone delivers fine-grained authorization for SharePoint through run-time calls to any number of authorization sources containing user attributes. This means that authorization for multiple (possibly hundreds or thousands) SharePoint instances can be based on existing authorization within Active Directory, enterprise applications, an identity and access management framework, or anywhere that authorization and entitlements have already been established and proven.
Keystone for SharePoint understands and leverages the established roles each individual user holds and, according to those roles, dynamically grants the appropriate access to SharePoint from permissions that already exist. Keystone-enabled SharePoint instances benefit from a stable, immutable, security-enabled lifecycle because enterprise-wide policy, identity management, and role management are all determined independently of SharePoint. The result is more secure, more easily managed, and more fine-grained authorization for SharePoint environments.