This page last changed on Feb 25, 2007 by justen.stepka@atlassian.com.

Introduction

Crowd is an application security framework that handles authentication and authorisation for your web-applications. With Crowd you can quickly integrate web applications into a single security architecture that supports single sign-on and centralised identity management.

The application is divided into two parts:

  • The administration console is a clean and powerful web-interface to manage directories, users and their security rights.
  • The integration API provides a platform neutral way to integrate web applications into a single security architecture. With the integration API, applications can quickly access user information or perform security checks.

Designed for ease of use, Crowd can be deployed with your existing infrastructure. Crowd supports Java, .NET and PHP. An unlimited number of directories can be configured. The directory servers can then be linked together providing applications with a single view to multiple directories.

What is the difference between Authentication and Authorisation?

  • Authentication: Is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. Generally this is in the form of username and a password.

  • Authorisation: The authorisation process is used to decide if person, program or device X is allowed to have access to data, functionality or service Y. This often comes in the form of groups, roles and permissions.

What are Crowd's current integration points?

Built In Connectors

Directory Servers
  • Microsoft Active Directory
  • OS X Open Directory
  • SunONE
  • OpenLDAP
Software
  • Confluence
  • JIRA
  • JIVE
  • Tomcat
  • Webwork 1/2

Keep an eye out — more connectors to come!

Does the product include kerberos integration?

No, but we plan to add support for kerberos-based authentication for clients to authenticate verses the security framework. The current roadmap does not have this specifically stubbed out but over the next few weeks we'll be hammering out something more specific.

Currently the Crowd framework supports a generic Credentials object that can be adapted to support any number of authentication approaches such as three-factor authentication.

Does Crowd support SAML or Liberty Alliance?

SAML is a standard that was developed by several large companies for federated identity management. Similarly, Liberty Alliance is a consortium formed to develop and define federated identity management standards and protocols.

In our opinion, for the 98% of businesses who wish to enforce single sign-on, SAML specification is too complex to be truly practical. The breadth of understanding, deployment and support of these large frameworks is beyond the scope of most developers' needs or their ability to manage. Most developers and IT managers need a solution that is simple and cost effective to deploy. Crowd was developed as a practical, simple and secure alternative for identity management and single-sign on across an unlimited number of web-based applications.

I work for a UK higher education institution. You may well have a point about SAML, but the UK education community is proceeding full speed ahead with federated access management (essentially Shibboleth, but that's not quite the official position). Right now, I would like to be able to easily Shibbolise Confluence and JIRA. By round about 2008, it'll be a purchasing requirement. Crowd potentially solves an important problem for us (as well as being Atlassian customers, we are Jive Software customers), but I am in that 2% of customers who need SAML. By the way, on your list of customers here, Universities make up quite a lot more than 2%.

Posted by mmetcalfe at Dec 13, 2006 19:50

Hi Miles,

Just a quick note - I believe that Internet2 is currently working on integrating Confluence with Shibboleth, which you may be interested in:

https://spaces.internet2.edu/display/SHIB/ShibbolizedConfluence

Cheers,
Ernest

Posted by ernest@atlassian.com at Jan 02, 2007 22:27

Hi Ernest

Thanks for the link! I am still in the market, though, for a drop in "Education's favourite Java web-applications" SSO tool with Shibboleth integration.

Cheers

Miles

Posted by mmetcalfe at Jan 04, 2007 04:49

test

Posted by mderleth at Feb 28, 2007 13:15
Document generated by Confluence on Mar 08, 2007 18:49