The KAURI Framework™ provides a multi-layered approach to securing system
data and access. Starting with the security provided by the underlying
database, the KAURI Framework™ implements layers of security that cover all
access to application code, system access within the code, and users’
role-based authorizations.
By implementing the multi-layered security model within the KAURI Framework,
developers build secure systems with the knowledge that an effective overall
security policy is in place.
The ‘Rings’ of KAURI Security:
- ASP.NET Forms Authentication—The KAURI Framework’s first layer of security is ASP.NET’s forms authentication module, which restricts the application to authorized users and provides an application programming interface (API) for HTTP cookie authentication.
- The KAURI User Ticket—In addition to receiving an authentication cookie, a user is assigned a KAURI Framework user ticket after successfully logging into the system. The user ticket contains the user ID, username, information regarding the user’s security clearance, and personal preferences, all of which are read from the database. The user ticket is stored in memory on the server for quick access by the Framework whenever it needs information about the current user. The KAURI Framework user ticket expires under the same conditions as the ASP.NET forms authentication cookie.
- Role-Based Security—In addition to authenticating users into the system, security determines which functions a particular user may access within a KAURI Framework developed application. Although ASP.NET provides its own set of classes for role-based security, the Framework implements its own, more granular and flexible, role-based security.

  Any data or function within the developed application that is identified as needing limited access is protected by a security function. Most of these are read, update, insert, and delete rights for each individual object in the system, and they can be controlled at the page or control level. For instance, a user without view rights to an object will not see any reference to the object, whereas a user with view rights but without update rights can view the object but cannot update its data.

  Security functions are grouped into roles, which identify the actions a user may perform. A user can be assigned to a single role or to multiple roles, and has access to every security function identified by any of his or her roles. Any individual user’s security profile can also deviate from its roles by adding security functions or restricting parts of a role.
- Biometric Support—Support for biometric devices is provided within the KAURI Framework. This optional functionality controls both user logon and authentication within developed applications. When implemented for user logon, the biometric functionality verifies that the individual who signed onto the network is the same individual attempting to access the system. Within the application, the authentication functionality can be used to determine whether a worker attempting to perform restricted processing is authorized to perform that function. This keeps users from walking up to logged-on terminals or borrowing another worker’s ID and password to perform unauthorized actions.
- Administrative Login Features—KAURI provides various administrative settings within the framework dictionary that allow authorized users to control how login access is maintained. These settings can be changed by authorized users from within the application.

  - Password Cycle Use – Restricts a user from reusing any of their last n passwords.
  - Password Cycle Days – Restricts users from reusing any password that they have used within n days, which prevents repeated password changes from being used to bypass the Password Cycle Use setting.
  - Password Expire Days – Determines the number of days after it is set that a user’s password expires.
  - Maximum Login Tries – Determines how many consecutive unsuccessful login attempts can be made with the same username before the user’s login is locked.
  - Login Lock Interval – Determines how many minutes must pass before a user with a locked login can attempt to log in to the system. Entering a value of 999 requires a security officer to reset the ID before a login can be attempted.
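To make the role-based layer concrete, the following is an added Python example; it is not KAURI Framework code (the Framework is an ASP.NET product whose own API is not shown on this page) and is a language-neutral model of the scheme described above. A security function is one right (read, update, insert or delete) on one named object, roles are sets of such functions, a user's effective functions are the union over all of the user's roles plus per-profile additions minus per-profile restrictions, and a page-level rendering decision hides an object entirely without read rights and shows it read-only without update rights. All object, role and user names are constructed sample data.

```python
"""Role-based security functions with per-user deviations.

Added illustration (not KAURI Framework code) of the scheme the page describes:
a security function is one right on one object, functions are grouped into
roles, a user holding several roles gets the union of their functions, and an
individual profile may add functions or restrict parts of a role.
Object, role and user names are constructed sample data.
"""
from dataclasses import dataclass, field

RIGHTS = ("read", "update", "insert", "delete")


def security_function(obj: str, right: str) -> str:
    """Name one security function, e.g. 'Claim:update'."""
    if right not in RIGHTS:
        raise ValueError(f"unknown right {right!r}")
    return f"{obj}:{right}"


@dataclass
class UserProfile:
    username: str
    roles: list
    added: set = field(default_factory=set)       # functions granted beyond the roles
    restricted: set = field(default_factory=set)  # functions withheld from the roles


class SecurityModel:
    def __init__(self, roles: dict):
        self.roles = roles  # role name -> set of security function names

    def effective_functions(self, user: UserProfile) -> set:
        granted = set()
        for role in user.roles:
            if role not in self.roles:
                raise KeyError(f"unknown role {role!r}")
            granted |= self.roles[role]  # union over every role the user holds
        # Per-user deviation: additions first, then restrictions, so a
        # restriction on a profile always wins over anything a role grants.
        return (granted | user.added) - user.restricted

    def has_right(self, user: UserProfile, obj: str, right: str) -> bool:
        return security_function(obj, right) in self.effective_functions(user)

    def render_object(self, user: UserProfile, obj: str) -> dict:
        """Page/control-level decision for one object.

        Without read rights the object is not referenced at all; with read
        rights but no update rights it is shown but cannot be edited.
        """
        if not self.has_right(user, obj, "read"):
            return {"visible": False, "editable": False}
        return {"visible": True, "editable": self.has_right(user, obj, "update")}


# Constructed sample dictionary: three roles over three objects.
ROLES = {
    "ClaimsViewer": {security_function("Claim", "read"),
                     security_function("Member", "read")},
    "ClaimsProcessor": {security_function("Claim", "read"),
                        security_function("Claim", "update"),
                        security_function("Claim", "insert"),
                        security_function("Member", "read")},
    "Supervisor": {security_function("Claim", "delete"),
                   security_function("Payment", "read"),
                   security_function("Payment", "update")},
}

USERS = {
    "alice": UserProfile("alice", ["ClaimsViewer"]),
    "bob": UserProfile("bob", ["ClaimsViewer", "Supervisor"]),
    # carol's profile deviates from her role: she may also read payments,
    # but the insert part of ClaimsProcessor has been restricted.
    "carol": UserProfile("carol", ["ClaimsProcessor"],
                         added={security_function("Payment", "read")},
                         restricted={security_function("Claim", "insert")}),
}

MODEL = SecurityModel(ROLES)

if __name__ == "__main__":
    for name, user in USERS.items():
        for obj in ("Claim", "Member", "Payment"):
            print(name, obj, MODEL.render_object(user, obj))
```

Running the block prints the visible/editable decision for every user and object; note that carol's restriction removes `Claim:insert` even though her role grants it, which is the "restricting parts of a role" case, and that an unknown role name raises rather than silently granting nothing.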
For more
information, contact Technology Partnership Group at
info@techpg.com.
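The five administrative login settings listed above, worked through in an added Python example that is not KAURI Framework code: Password Cycle Use and Password Cycle Days are checked together when a password is changed, Password Expire Days is checked at login, Maximum Login Tries locks the login after that many consecutive failures, and Login Lock Interval decides when a locked login may try again, with the page's value of 999 meaning only a security officer's reset clears the lock. The account layout, the PBKDF2 hashing, the `T0`/`later` time helpers, the string results returned by `login` and every sample value are assumptions of this example.

```python
"""Administrative login settings, worked through.

Added illustration (not KAURI Framework code) of the five dictionary settings
the page lists: Password Cycle Use, Password Cycle Days, Password Expire Days,
Maximum Login Tries and Login Lock Interval (999 = security officer must
reset). The account layout, PBKDF2 hashing and sample values are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional
import hashlib
import hmac
import os

SECURITY_OFFICER_RESET = 999  # page-defined sentinel for Login Lock Interval
T0 = datetime(2024, 1, 1, 9, 0)  # constructed clock origin for the examples


def later(days: int = 0, minutes: int = 0) -> datetime:
    """Constructed clock helper so the example runs without real time."""
    return T0 + timedelta(days=days, minutes=minutes)


@dataclass
class LoginSettings:
    password_cycle_use: int = 5     # may not reuse any of the last n passwords
    password_cycle_days: int = 180  # nor any password used within n days
    password_expire_days: int = 90  # password expires n days after it is set
    maximum_login_tries: int = 3    # consecutive failures before the login locks
    login_lock_interval: int = 30   # minutes locked, or 999 for officer reset


@dataclass
class Account:
    username: str
    salt: bytes
    digest: bytes
    password_set_at: datetime
    history: list = field(default_factory=list)  # (salt, digest, retired_at), newest first
    failed_tries: int = 0
    locked_at: Optional[datetime] = None


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for whatever the real framework stores.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)


class LoginService:
    def __init__(self, settings: LoginSettings):
        self.settings = settings

    def create_account(self, username: str, password: str, now: datetime) -> Account:
        salt = os.urandom(16)
        return Account(username, salt, _derive(password, salt), now)

    def password_allowed(self, acct: Account, new_password: str, now: datetime) -> bool:
        """Password Cycle Use and Password Cycle Days applied together."""
        # The current password counts as 'used now'; older ones follow, newest first.
        used = [(acct.salt, acct.digest, now)] + acct.history
        for position, (salt, digest, last_used) in enumerate(used):
            within_cycle_use = position < self.settings.password_cycle_use
            within_cycle_days = now - last_used < timedelta(days=self.settings.password_cycle_days)
            if (within_cycle_use or within_cycle_days) and \
                    hmac.compare_digest(_derive(new_password, salt), digest):
                return False
        return True

    def set_password(self, acct: Account, new_password: str, now: datetime) -> None:
        if not self.password_allowed(acct, new_password, now):
            raise ValueError("password reuse blocked by cycle settings")
        acct.history.insert(0, (acct.salt, acct.digest, now))  # retire the old one
        acct.salt = os.urandom(16)
        acct.digest = _derive(new_password, acct.salt)
        acct.password_set_at = now

    def password_expired(self, acct: Account, now: datetime) -> bool:
        return now - acct.password_set_at >= timedelta(days=self.settings.password_expire_days)

    def _still_locked(self, acct: Account, now: datetime) -> bool:
        if acct.locked_at is None:
            return False
        if self.settings.login_lock_interval == SECURITY_OFFICER_RESET:
            return True  # only officer_reset() clears this lock
        return now - acct.locked_at < timedelta(minutes=self.settings.login_lock_interval)

    def officer_reset(self, acct: Account) -> None:
        acct.locked_at = None
        acct.failed_tries = 0

    def login(self, acct: Account, password: str, now: datetime) -> str:
        """Returns 'ok', 'expired', 'bad_password' or 'locked'."""
        if self._still_locked(acct, now):
            return "locked"
        if acct.locked_at is not None:  # interval elapsed: start a fresh count
            self.officer_reset(acct)
        if not hmac.compare_digest(_derive(password, acct.salt), acct.digest):
            acct.failed_tries += 1
            if acct.failed_tries >= self.settings.maximum_login_tries:
                acct.locked_at = now
                return "locked"
            return "bad_password"
        acct.failed_tries = 0
        return "expired" if self.password_expired(acct, now) else "ok"
```

Two design points worth noticing: a locked login is refused before the password is even checked, so failed attempts during the lock interval neither extend it nor leak whether the password was right; and the cycle check keeps comparing old passwords past the last n positions as long as they were retired within Password Cycle Days, which is exactly the bypass the page says that setting exists to close.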