Home | Search | Help  
Home Page Università di Genova

Technical Report Details

Date 11-2-2008
Number DISI-TR-08-01
Title LDAP Proxy AuthZ avoids Superpowered Middle-Tiers
Authors Marco Ferrante
Bibtex Entry
E-mail ferrante@disi.unige.it
Link http://www.disi.unige.it/person/FerranteM/papers/DISI-TR-08-01.pdf
Abstract LDAP directories offer a fine-grain authorization framework, but these capabilities are often ignored by poorly written applications which require accounts with very high privileges to manage LDAP data. Proxied Authorization is a LDAP security mechanism which helps to develop less critical client applications. Unfortunately, developers of client applications seem to ignore this opportunity. The article will discuss general aspects of LDAP Proxied Authorization comparing available implementations, will show, using a fictional scenario, how to use it with common tools and how to write custom applications. Finally, it will present benefits, some potential problems and possible solutions.
Back to Technical Reports