MUSC Infrastructure Standards: User Authentication and Authorization
MUSC maintains centralized, standards-based user authentication and authorization services. All records in these authentication and authorization services are derived from MUSC's user identity management system (IDMS). User enrollment in all of these systems is driven by events that occur in administrative Systems of Record including those in Human Resources (hirings, terminations, position changes), Enrollment Services (admissions, graduations, etc.), and the Provost's Office (faculty appointments).
Application systems should use these existing authentication and authorization services whenever possible.
- Network authentication services
- Kerberos V5
- Microsoft Active Directory
- Local authentication services
If an application cannot use any of the existing authentication and authorization services, then in most cases arrangements can be made to download the authentication records required by the application from MUSC's central account management system, in a standard format (e.g. UNIX passwd file), to the application's own server(s), for local use by the application.
- Authorization services
MUSC proactively maintains accurate role and status information for all faculty, staff and students in its enterprise LDAP directories, with the expectation that applications will apply this information to whatever processes they use for creating their own user authorization profiles. If an attribute needed for user authorization is available in MUSC's enterprise directory, or can reasonably be made available there, then no application should require the collection of that attribute from any other source.
$Id: authentication-authorization.html,v 1.2 2003/12/04 19:52:27 gadsden Exp $