
Lightweight Identity Management System: Lightweight User Account System Design

Author: 互联网


LIMS Design Notebook

【Section 1】APPLICATION ARCHITECTURE

LEVEL 1: Monolithic Architecture

LEVEL 2: Vertical Architecture

LEVEL 3: SOA Architecture

LEVEL 4: Microservice Architecture (MSA)

Architecture Consistency

【Section 2】QUICK START

FUNCTIONALITY

  1. USER & GROUP MANAGEMENT
  2. SIGN IN & SIGN ON
  3. ACCESS CONTROL
  4. AUTHORIZATION
  5. ACCESS MANAGEMENT

【Section 3】SSO MANAGEMENT

Enable / Disable SSO

Create Resource Directory

Modify Resource Directory

Associate SSO with Authorization

【Section 4】USER MANAGEMENT

1. Basic Support

  1. Create
  2. Show
  3. Modify
  4. Enable / Disable

2. Sign In Settings

  1. Username / Password
  2. SSO

3. 2FA/MFA Management

  1. Enable / Disable
  2. Delete 2FA/MFA Device

【Section 5】ORGANIZATION MANAGEMENT

1. Basic Support

  1. Create
  2. Show
  3. Modify
  4. Add / Remove User(s)

【Section 6】EXTERNAL IDENTITY MANAGEMENT

1. SCIM (System for Cross-Domain Identity Management) Synchronization

  1. Goal: Standard Multi-Tenant Cloud Application / Service Identity Management
  2. Requirement: Synchronize users / groups from the enterprise IdP.
  3. Steps
    1. Keys Management
      1. Enable / Disable SCIM Synchronization
    2. SCIM 2.0 Object Model
      1. Scenarios
        1. Identity Migration from one Cloud Provider to the other
          • apply SCIM on all stakeholders, i.e., User and Cloud Provider(s)
        2. SSO between trusted applications running in different Cloud Providers
        3. Identity Management: SaaS for a Global Community
          • Identity Settings
          • Dispatch Info
        4. User Attributes Transferred between Trusted Websites based on an Authorization Protocol (OAuth, SAML, etc.)
        5. Change Notifications to the Website; requests for change updates (cache refreshes) are issued to the Directory at the desired time
      2. Features: Interactive, Secure, Scalable; Easy, Cost-Efficient.

2. SSO (Single-Sign-On)

  1. Workflow

【Section 7】ACCESS CONTROL

1. Overview

2. Create

3. Modify

4. Authorization Management

  1. Goals: abstract, plug-in, compatible.
  2. Internal Systems: RBAC
  3. External Systems: ABAC
    1. Note: The finer the authorization granularity, the larger the data volume.

5. Client Access Types

  1. Confidential
  2. Public
  3. Token

【Section 8】AUTHORIZATION MANAGEMENT

1. Manage Multi-Account Authorization

2. Resource Account Authorization

3. Deployment of Access Configurations

【Section 9】SIGN IN MANAGEMENT

1. Sign In from The Portal, and Access Resources

2. Sign In by CLI, and Access Resources

【Section 10】BEST PRACTICES

1. API Calling

2. Common Parameters

3. Service Management

【Section 11】SSO References

Popular B/S-Architecture SSO Protocols

1. CAS 3.0

2. OAuth 2.0

3. OIDC (OpenID Connect) 1.0

4. SAML 2.0

Tags: Management, Section, System, Access, SSO, Authorization, 轻量级, Architecture
Source: https://blog.csdn.net/weixin_55413092/article/details/122307539