Quest One Authorization Policy Server

An Application Security Dial Tone for Diverse Environments

Quest One Authorization Policy Server enables consistent management of access to heterogeneous applications, Web services and data across the enterprise through fine-grained authorization using the XACML standard. The solution provides a consistent “security dial tone” that can be implemented as a baseline for multiple, disparate applications; developers use simple, ready-made plug-ins to fully protect applications, services and data with comprehensive access control capabilities.

Features

  • Enterprise Authorization Management – Replaces redundant and inconsistent authorization policies with a set of fine-grained authorization policies that apply across the entire application portfolio and that can be modified at any time without application code changes. The solution also provides a complete audit trail of rule changes to ensure that authorization rules are applied appropriately and consistently across the enterprise.
  • Unified Policy – Enables consistent policy development, enforcement and auditing by externalizing policy to a single, proven and authoritative authorization source.
  • Real-time Security – Removes the need for rigid, hard-coded security in applications, which enables access governance to be much more nimble and business-focused. Security and policy enforcement occur at runtime through externalized authorization.
  • Authentication Abstraction – Eliminates the need to customize authentication; applications simply consume authentication from a “security dial tone” that connects many authentication providers, including LDAP, Active Directory, RADIUS and more. Directory-based and federated authentication scenarios, X.509 certificates and many forms of multifactor authentication are also supported.
  • Separation of Duties – Ensures – and demonstrates – proper separation of duties (SoD) based on user roles and established policy, with granular control over who can access what for your applications. The solution also supports role-based access control (RBAC) and attribute-based access control (ABAC) across diverse applications.
  • Integration with Existing IAM Components – Interoperates seamlessly with other IAM components such as directories, virtual directories and solutions for Web access management, federation, provisioning, identity administration, audit/compliance, role management and workflow – including Quest One Identity Solutions, as well as tools from other vendors.