Monday, May 12, 2008

Control 'who can do what' in Lotus Connections

View Comments
So I've been getting that question from most of my customers.  Ok.   Probably all of my customers.  And sure, we can debate whether or not that question really applies to Lotus Connections, or any other social software for that matter (it doesn't apply!! We don't want to build another KM system... what you want is something OPEN with NO controls!!!).  Anyway.  They keep claiming that they want to protect their information.  But, since 99.999% of all customers are asking for it, I guess we really can't fight it (and believe me, I have tried!!).

So how do I handle this question when I get it from customers ?

First, I need to understand whether they want to control Authentication (who can log in) or Authorization (once logged in, who can do what).  So far, it's a 50-50 mix.  So, the good news is that Lotus Connections v2 adds support to specify which LDAP users or LDAP groups can log on to the application! Yay!!

For authorization, only Communities has very granular controls where you can specify who can do what.  And in some cases that's all the customers want to control (who can create and join communities).  And for those who do want granular controls on the other 4 Connections services ?

I position a companion product for Lotus Connections:  IBM Tivoli Access Manager (TAM) for e-business.  Since all of the Lotus Connections URLs are RESTful it should be pretty easy to configure WebSEAL/TAM to control who has access to which URLs.

blog comments powered by Disqus