Date: Thu, 28 Mar 2024 22:36:40 +0000 (UTC) Message-ID: <1299523712.7111.1711665400963@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_7110_1523159012.1711665400961" ------=_Part_7110_1523159012.1711665400961 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
CMU is working with a SAAS vendor to outsource its student accou= nts receivable functionality but integrate that functionality into its exis= ting Student Information System. Integrating services from many vendo= rs is our core strategy for constructing a new Student Information System. = The AR service come with an existing authorization model that has to be int= egrated into the overall SIS - that model being roles and business rules. C= MU is permitted to assert roles as part of a SAML assertion but the fine gr= ained business rules are handled by a UI that exists as part of the s= ervice.These rules determine what various roles can do against resources. T= here are several problems to be solved.
Building an application our of SAAS services is a strange sort of federa= tion. As time goes by I believe we will see all the usual access management= models ( shared directory, authorization assertions passed with each servi= ce call, provisioning each service via a privileges metastore).