User management is the umbrella term for all aspects of managing users of the Verne system. It covers the following concepts:
- User profiles
- Authorisation
- Authentication
- Organisations
- Permissions
- Permission pools
- Permission groups
- Teams
Verne User Management is in fact a separate register of users, organisations, permissions, permission pools, permission groups and teams, all of which are used by the Verne Security Core for the purpose of user authentication and authorisation.
See below the conceptual data model describing the relationships between these concepts:

Authentication and authorisation
The Verne security system manages the identification, authentication and maintenance of Verne users. In general security models, including the one within Verne, three key terms are used to determine the security status of system users and their access to a system’s data and functions. The key terms are:
- Identification – Identification is the act of a user claiming they are somebody in particular. In the information security world, this is analogous to entering a username.
- Authentication – This step in the process involves the user proving that they are who they say they are. Within Verne they do this by providing a password along with their username. For authentication to succeed, the username and password must match a valid profile within Verne.
- Authorisation – The final step in the sequence, authorisation involves the system determining the functions and data to which the authenticated user has access.
Third party authentication and authorisation
The authentication and authorisation processes are logically separate and can be performed by different systems. Verne can be used to perform both functions, one of them, or neither. Verne can be integrated seamlessly with existing authentication and authorisation modules. Verne provides an interface that enables integration with external authentication systems such as LDAP, Active Directory, or all-of-government systems. Such an approach allows the client to leverage any existing initiative they have to simplify the user experience of government systems. In the case of external authentication, the user’s profile details are returned to Verne to allow authorisation to be performed.
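The separation described above, sketched as an added example that is not Verne code: a local and an external authenticator share one interface and return profile details, and the authorisation decision is always made afterwards against a local register. All names, sample users, passwords and permission strings are constructed assumptions, and the in-memory directory stands in for LDAP or Active Directory.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Profile:                      # hypothetical shape of the returned profile details
    username: str
    organisation: str

# Every authenticator has the same shape: (username, password) -> Profile or None.
Authenticator = Callable[[str, str], Optional[Profile]]

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

# Constructed sample data (not real Verne users, organisations or permissions).
_SALT = os.urandom(16)
_LOCAL = {"alice": (_SALT, _kdf("correct horse", _SALT), Profile("alice", "Org A"))}
_DIRECTORY = {"bob": ("s3cret-Example", Profile("bob", "Org B")),      # stub for LDAP/AD
              "carol": ("pw-Example", Profile("carol", "Org B"))}
_PERMISSIONS = {"alice": {"record.view", "record.edit"}, "bob": {"record.view"}}

def local_authenticator(username: str, password: str) -> Optional[Profile]:
    # Unknown users still pay for one KDF run, so timing does not reveal them.
    salt, stored, profile = _LOCAL.get(username, (_SALT, b"", None))
    return profile if hmac.compare_digest(stored, _kdf(password, salt)) else None

def external_authenticator(username: str, password: str) -> Optional[Profile]:
    # Stub: a real integration would ask the external system for the verdict.
    entry = _DIRECTORY.get(username)
    if entry and hmac.compare_digest(entry[0].encode(), password.encode()):
        return entry[1]
    return None

def authorise(profile: Profile, permission: str) -> bool:
    # Fail closed: an authenticated user with no local entry gets nothing.
    return permission in _PERMISSIONS.get(profile.username, set())

def login_and_check(authenticate: Authenticator, username: str,
                    password: str, permission: str) -> bool:
    profile = authenticate(username, password)    # identification + authentication
    if profile is None:
        return False
    return authorise(profile, permission)         # authorisation, always local
```

Here `carol` authenticates successfully against the external directory but is denied every permission, because authentication by a third party grants nothing until the local authorisation register says so.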
Authentication and authorisation flow


