Abstract
A stand-alone security system controlling access to secured information and self-service functionality for a sponsor organization, usable for Web-based and IVR-based self-service functions, having five primary facets: (1) control of access to secured information and self-service functionality for a sponsor organization, (2) enabling access to users having indirect relationships to the sponsor organization and to users having a direct relationship with the sponsor organization, (3) distribution of security administration from a central information technology resource to various users of the security system, (4) support for integration into different kinds of environments, and (5) support for system integrators. Key components of access control include (1) association of a userId with one specific person, (2) identification of keys to data in back-end systems and association of those keys with the system users, (3) definition of pieces (segments) of an organization so that permissions are granted based on the pieces instead of the entire organization, (4) definition of roles that a user has based on the functionality to which he has been given permission, (5) a single sign-on for a user who has multiple reasons to use the system, and (6) support for direct and indirect assignment of business functions. A consequence of facet (2) is that the user's employer must identify a person who legally binds that employer and a person who handles day-to-day security administration for the employer. Facet (3) enables multiple levels of distribution, including enabling one organization to delegate its rights to another organization.