Manuals / Nortel Networks / Computer Equipment / Server

Nortel Networks NN42020-123 manual Authorization, Domain-level authorization

Models: NN42020-123

1 58
Download 58 pages 13.36 Kb
Page 11
Image 11

Copyright © Nortel Networks Limited 2006

11

system. These administrators can be added/modified through both the Provisioning Client and the OPI itself.

Utilizing, the standard HTTP basic authentication enables OPI to be interoperable with the common web services toolsets. Typically, the toolsets allow for simple inclusion of username and password adhering to this standard. Within the MCS system the authentication is performed locally in memory to alleviate the reoccurring authentication. In addition, the authentication and authorization are kept in synchronization with the Provisioning Client, so changes to the administrator profile from either the Provisioning Client or the OPI are immediately effective.

Authorization

Authentication is the first step in processing the incoming request. Once the request has been authenticated, the administrator must clear authorization before performing the action. The authorization includes both domain-level authorization and provisioning-level authorization. If either fails validation, a SOAP fault is send back indicating the reason for failure, and the action will not be preformed.

Domain-level authorization

Each administrator is assigned one or more domains for access and control (this can be overridden by the "All domain access" in role creation). For instance, the MCS system might consist of three separate domains, Widget.com, Gadget.com, and Sprocket.com. An administrator, WidgetAdmin, can be created with only Widget.com in the list of "provisionable domains". This limits WidgetAdmin to provisioning activities inside of this domain only, and will not permit access to the other domains. Therefore, if a request from WidgetAdmin comes in to modify a user outside of his domain, it will be rejected having failed authorization. In addition, attempts to list domain information will only return Widget.com information.

Provisioning-Level authorization

The provisioning module of the MCS system is broken into various major categories (Domains, Users, Telephony Routes, etc.). The provisioning system allows for various administrator roles to be created across these categories. Upon creation, the administrator is assigned to a particular role. This allows the service provider to create various administrator roles to suit their specific needs. In each category the role can have any combination of the following rights: Read, Write, and Delete. For example, a "user admin role" could be created which only had the ability to read domain info, and read, modify, and delete user information. The administrators given this role will not be able to manipulate the telephony routes, or other areas of the MCS system.

Open Provisioning Interface Reference Guide

Page 10 Page 12
Page 11
Image 11
Nortel Networks NN42020-123 manual Authorization, Domain-level authorization, Provisioning-Level authorization
Page 10 Page 12