Security Basics
All Microsoft Provisioning System components use discretionary
access control lists (DACLs) and access control entries (ACEs) to
control the access permissions granted and denied to specific users
and groups for individual objects. Microsoft Provisioning System
carries the security context of a request through its processing,
so it can support multiple roles with different security policies
and permissions.
Additionally, individual components implement specific
functionality for secure provisioning of services and support.
- Microsoft Provisioning Framework security: In Microsoft
Provisioning Framework (MPF), security is based on the effective
management of authentication, authorization, and data services. The
management of these elements includes support for impersonation and
delegation, which are necessary in order to specify the credentials
under which certain procedures and processes run. This security
also uses encryption and other security features that prevent
unauthorized access to data and the provisioning
infrastructure.
- Microsoft Provisioning System implementation
security: Microsoft Provisioning System (MPS) builds on the
security features of MPF. It includes several Active Directory
security features to ensure that appropriate privacy applies to all
user accounts and data. These features include the security
features of other components and products to ensure that users view
and access only the objects and data for which they are authorized.
The additional security features include those of Active Directory,
Microsoft Exchange Server 2007, Internet Information Services (IIS)
version 6.0, and FrontPage 2002 Server Extensions from Microsoft.
The business logic of the non-provider namespaces of Microsoft
Provisioning System enforces the rules required to implement the
additional security features.
For more information on Microsoft Provisioning System security,
see Security in Microsoft Provisioning Framework. For more
information on how Microsoft Provisioning System implements the
component infrastructures to support security, see Implementation
architecture in this document.