Copyright © Nortel Networks Limited 2006 | 11 |
system. These administrators can be added/modified through both the Provisioning Client and the OPI itself.
Using standard HTTP basic authentication lets the OPI interoperate with common web services toolsets, which typically allow a username and password conforming to this standard to be included with little effort. Within the MCS system, authentication is performed locally in memory, avoiding repeated authentication of the same credentials. In addition, authentication and authorization data are kept synchronized with the Provisioning Client, so changes to an administrator profile made through either the Provisioning Client or the OPI take effect immediately.
Authorization
Authentication is the first step in processing an incoming request. Once the request has been authenticated, the administrator must also pass authorization before the action is performed. Authorization has two levels: domain-level and provisioning-level.
Domain-level authorization
Each administrator is assigned one or more domains for access and control (this can be overridden by the "All domain access" option in role creation). For instance, the MCS system might consist of three separate domains, Widget.com, Gadget.com, and Sprocket.com. An administrator, WidgetAdmin, can be created with only Widget.com in the list of "provisionable domains". This limits WidgetAdmin to provisioning activities within that domain and does not permit access to the other domains. Therefore, if a request from WidgetAdmin arrives to modify a user outside that domain, it is rejected as having failed authorization. In addition, attempts to list domain information return only Widget.com information.
Provisioning-level authorization
The provisioning module of the MCS system is broken into several major categories (Domains, Users, Telephony Routes, etc.). The provisioning system allows administrator roles to be created across these categories, and each administrator is assigned a particular role on creation. This lets the service provider define administrator roles to suit its specific needs. In each category a role can hold any combination of the following rights: Read, Write, and Delete. For example, a "user admin role" could be created that can only read domain information but can read, modify, and delete user information. Administrators given this role cannot manipulate telephony routes or other areas of the MCS system.
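The two-level check described in the domain-level and provisioning-level sections above, as an added example that is not Nortel's code or the OPI's actual implementation: a minimal model that evaluates a request first against the administrator's provisionable domains (or the "All domain access" override) and then against the role's per-category rights, using the guide's Widget.com scenario. The class, category and administrator names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# Rights a role may hold in each provisioning category, as the guide lists them.
RIGHTS = {"Read", "Write", "Delete"}

@dataclass(frozen=True)
class Role:
    rights: Dict[str, Set[str]]       # category name -> rights granted in it
    all_domain_access: bool = False   # the "All domain access" override

@dataclass(frozen=True)
class Administrator:
    name: str
    role: Role
    provisionable_domains: FrozenSet[str]

def authorize(admin: Administrator, category: str, right: str, domain: str) -> Tuple[bool, str]:
    """Two-step check: domain-level first, then provisioning-level rights."""
    if right not in RIGHTS:
        raise ValueError("unknown right %r" % right)
    if not admin.role.all_domain_access and domain not in admin.provisionable_domains:
        return False, "domain-level: %s is not provisionable by %s" % (domain, admin.name)
    if right not in admin.role.rights.get(category, set()):
        return False, "provisioning-level: role lacks %s on %s" % (right, category)
    return True, "authorized"

def visible_domains(admin: Administrator, all_domains: Set[str]) -> List[str]:
    """Domain listings return only the domains the administrator may read."""
    return sorted(d for d in all_domains if authorize(admin, "Domains", "Read", d)[0])

# Constructed sample data mirroring the guide's Widget/Gadget/Sprocket scenario.
ALL_DOMAINS = {"Widget.com", "Gadget.com", "Sprocket.com"}
USER_ADMIN_ROLE = Role(rights={"Domains": {"Read"}, "Users": {"Read", "Write", "Delete"}})
WIDGET_ADMIN = Administrator("WidgetAdmin", USER_ADMIN_ROLE, frozenset({"Widget.com"}))
SUPER_ROLE = Role(rights={c: set(RIGHTS) for c in ("Domains", "Users", "Telephony Routes")},
                  all_domain_access=True)
SUPER_ADMIN = Administrator("SuperAdmin", SUPER_ROLE, frozenset())

if __name__ == "__main__":
    for req in (("Users", "Write", "Widget.com"),            # allowed
                ("Users", "Write", "Gadget.com"),            # fails domain-level
                ("Telephony Routes", "Write", "Widget.com")):  # fails provisioning-level
        print(req, authorize(WIDGET_ADMIN, *req))
    print("WidgetAdmin sees", visible_domains(WIDGET_ADMIN, ALL_DOMAINS))
    print("SuperAdmin sees", visible_domains(SUPER_ADMIN, ALL_DOMAINS))
```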
Open Provisioning Interface Reference Guide