
April 11, 2006

The Beauty of SharePoint 2007 - Enhanced Security

Last Friday, the SharePoint Team had a great post outlining some of the awesome security enhancements available in SharePoint 2007. My favorite items are 1, 2, and 5, but that may change depending on specific deployment projects, where all of these will be sure to be important at some point or another for me. Being able to more easily use SSO will also be a bonus, so let's face it - all of these are really exciting!

From the SharePoint Team Blog:

SharePoint 2003 has a robust security model for grouping SharePoint rights into Site Groups and granting Permissions on sites, lists and libraries to users and/or these groups. Here’s my take on the “Top 5” about what's new in Windows SharePoint Services v3 and Office SharePoint Server 2007:

1) Pluggable Authentication – We build on the new ASP.NET provider model so you can use another directory or database, which may be useful for a secure, large scale internet site with an existing customer database (e.g. CMS scenario). We are adding LDAP support to Office SharePoint Server 2007 both with an authentication provider and direct import into the user profile store for targeting, people search, etc. WSS and SPS SP2 added ADFS support for trust between independent organizations (e.g. a reseller trusting their suppliers' directories on the extranet), and we’ll continue that.

2) Granular Security – You will be able to assign unique permissions to an individual document as well as inheriting from the parent directory or Document Library. This also lets us make the security and inheritance model in a complex site cleaner as part of unifying WSS webs with SPS areas and CMS channels. We are also providing an improved people and group picker throughout SharePoint that will make it easier to add users and groups from AD than in the past.

3) Server-Enforced Policy via Information Rights Management – If you are not familiar with Windows Rights Management Services, check out its integration with the Information Rights Management capabilities in Office 2003. It lets you put a digital envelope around an e-mail or Office document that limits what people can do with it (e.g. edit, copy, print, forward), when the document expires, whether the software needs to check back with the SharePoint server for the latest updates, etc. We utilize this functionality all the time inside Microsoft when sharing confidential training information with our salesforce with an expiration date targeted for when we’ll have public content available. In the next release of SharePoint Server 2007, we’ll have server integration with Windows RMS and the extensibility to integrate with other rights management systems so IRM policies you set on SharePoint Document Libraries on the server will be enforced even after the content has left the site (simplistically, the IRM envelope on the downloaded file will match the server-side ACLs).

4) Pluggable Single Sign-On – SPS 2003 shipped with a secure credential cache, so users would not be prompted for multiple passwords for different back-ends from a “composite application” web part page. While you could write custom code in your web parts to use this cache, general purpose tools like our Data View Web Part did this automatically, saving complexity. In SharePoint Server 2007, we’re making this pluggable, so you can use custom or 3rd-party credential caching systems in addition to the one we ship.

5) Security Trimmed User Interface – In SPS 2003, users do not see search results (from not just SharePoint but Windows compatible file servers, Exchange, and Notes) that they did not have the rights to at least read. We have taken the model across the entire SharePoint interface – users will not see actions, links, content, etc. that they don’t have the rights to at least view. This will not only make the system more secure, but more convenient (no access denied when trying to do an operation on a list). In addition, we have added an explicit login/out link on the SharePoint chrome, which can be handy for developers and IT trying out multiple security contexts.

Posted by Amanda.Murphy at April 11, 2006 06:09 PM

Trackback Pings


Listed below are links to weblogs that reference The Beauty of SharePoint 2007 - Enhanced Security:

» Amanda Murphy's SharePoint 2007 Blogposts from SharePoint, SharePoint and stuff
Amanda Murphy has taken up many small new features of SharePoint 2007 in her blog and... [Read More]

Tracked on May 13, 2006 08:05 AM

Comments

Thanks EROL www.clubsps.org

Posted by: EROL at April 17, 2006 03:01 AM
