Highest Levels of Security

Eprise application level security is comprised of two basic parts: user authentication and user authorization.

Authentication

When an Eprise page is accessed, Eprise validates a user's credentials against an established account. The user account may be established in the Eprise database or in an external source, or both.  External sources include various options including LDAP directory servers as well CA's SiteMinder (providing "Single Sign On" functionality).

Eprise provides a choice of authentication methods including "standard" Eprise security (users are stored in the Eprise database), silent authentication through NTLM (NT challenge / response), or LDAP authentication. The authentication process verifies a user before obtaining access to Eprise managed content.  All of these options are easily configured by an Eprise administrator and are subsequently transparent to the users of an Eprise site.

The inclusion of silent authentication, integration with "Single Sign On" applications, and LDAP support facilitate user management from a user and an administrator point of view.  Not only does the user not have to maintain multiple user id's and passwords but the access to personalized areas of an Eprise site can be totally transparent to the user.

Authorization

The authorization component of Eprise security is used to provide a personalized web site experience for site users.  Eprise users ("participants") are added to roles.  Eprise roles are used to determine what content and permissions will be available to what users.  The roles drive what content is accessed and how the content is accessed.  Examples of how content is accessed are who can view content, who can modify content, and who can publish content to a live web site.  Similar to users, roles can be defined in Eprise or in a corporate directory server.

The creation and ease of maintainance of roles structure is an important aspect of site security.  The flexibility of the power of Eprise authorization component is apparent in the implicit inheritance structure of Eprise roles. Implicit to an Eprise role is the ability to distribute permissions through recursive role delegation. This means that the site developer can create a set of permissions to the Marketing users, who can delegate a sub-set to their individual Business Unit users, who can delegate to a fourth party and so on. All permissions, including content, page creation, format, and management rules, can be managed through this function.  This allows external vendors or affiliates to be included in an Eprise site with little to no administrative overhead.