{"guid":"0d9112f3-d8b0-5cf3-adf0-842be6380d20","title":"Æ-DIR - das paranoide IAM für DevOps","subtitle":null,"slug":"2019-196--dir-das-paranoide-iam-fr-devops","link":"https://talks.mrmcd.net/2019/talk/VU7SC8/","description":"[Æ-DIR](https://www.ae-dir.com) ist ein Identity \u0026 Access Management, welches die Prinzipien Need-to-Know- und Least-Privilege ernst nimmt.\n\n[Æ-DIR](https://www.ae-dir.com) ist ein paranoides Identity \u0026 Access Management basierend auf\nOpenLDAP.\n\nIm Gegensatz zu anderen LDAP-Servern muss für an Æ-DIR angeschlossene Systeme die Sichtbarkeit von Benutzern und Gruppen immer explizit (zweckgebunden) erlaubt werden. Dies erfolgt rein über Datenpflege im LDAP-Server.\n\nLDAP-fähige Anwendungen müssen auch dank Schemakompabilität nicht speziell für Æ-DIR angepasst werden. Ein für Æ-DIR angepasster NSS-/PAM-Dienst [aehostd](https://www.ae-dir.com/aehostd.html) ermöglicht die automatisierte Integration und performante Nutzung auch in grossen Server-Umgebungen.\n\nZudem wird die Administration auf mehreren Ebenen an kleine Benutzergruppen delegiert, um zu mächtige Stellvertreter-Rollen zu vermeiden. Dies macht auch Genehmigungsprozesse überflüssig. Strikte Vorgaben im System dienen der langfristigen Auditierbarkeit und somit als Grundlage für detaillierte Compliance-Prüfungen.\n\nDurch Statusänderung auf \"archiviert\" kann dabei die Sichtbarkeit von Einträgen sehr stark eingeschränkt werden, um trotz der langfristigen Speicherung von Benutzerdaten (z.B. wg. GOB/GdPdU) ausreichenden Datenschutz (DSGVO) zu gewährleisten.","original_language":"deu","persons":["Michael Ströder"],"tags":["mrmcd19","196","2019"],"view_count":275,"promoted":false,"date":"2019-09-15T00:00:00.000+02:00","release_date":"2019-09-15T02:00:00.000+02:00","updated_at":"2025-12-13T15:45:03.848+01:00","length":4595,"duration":4595,"thumb_url":"https://static.media.ccc.de/media/conferences/mrmcd/mrmcd19/196-hd.jpg","poster_url":"https://static.media.ccc.de/media/conferences/mrmcd/mrmcd19/196-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/conferences/mrmcd/mrmcd19/196-hd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/conferences/mrmcd/mrmcd19/196-hd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/2019-196--dir-das-paranoide-iam-fr-devops","url":"https://api.media.ccc.de/public/events/0d9112f3-d8b0-5cf3-adf0-842be6380d20","conference_title":"MRMCD 2019 - Gesellschaftsspiele","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd19","related":[{"event_id":7816,"event_guid":"7e630029-555c-51fa-b4bc-f9277e513d1f","weight":9},{"event_id":7820,"event_guid":"9a497fd7-62b4-5b5b-bf09-5dd123d18305","weight":9},{"event_id":7823,"event_guid":"a2846627-02c2-5acf-a729-e8bd700766ce","weight":12},{"event_id":7827,"event_guid":"aa53b942-2716-5a1c-9dfe-563570f742e2","weight":2},{"event_id":7834,"event_guid":"d37118e7-992d-5e2a-92cb-890b437b96b6","weight":9},{"event_id":7836,"event_guid":"6a019d59-f68f-5d62-aa28-e95d5fb6e541","weight":10},{"event_id":7839,"event_guid":"abf66e62-0ad5-5cf1-bb6a-a15b95f0800b","weight":10},{"event_id":7840,"event_guid":"9f167527-1e5f-5b83-ba51-3f76e2a940f0","weight":9},{"event_id":7842,"event_guid":"4cea7604-1f84-5345-8ebd-4c745fef76eb","weight":6},{"event_id":7843,"event_guid":"d21c048c-ff08-5483-af93-a32b0e13fe48","weight":2}],"recordings":[{"size":368,"length":4595,"mime_type":"video/mp4","language":"deu","filename":"mrmcd19-196-deu-AE-DIR_-_das_paranoide_IAM_fuer_DevOps_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-09-15T18:17:55.866+02:00","recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd19/h264-hd/mrmcd19-196-deu-AE-DIR_-_das_paranoide_IAM_fuer_DevOps_hd.mp4","url":"https://api.media.ccc.de/public/recordings/40191","event_url":"https://api.media.ccc.de/public/events/0d9112f3-d8b0-5cf3-adf0-842be6380d20","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd19"},{"size":46,"length":4595,"mime_type":"audio/opus","language":"deu","filename":"mrmcd19-196-deu-AE-DIR_-_das_paranoide_IAM_fuer_DevOps_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2019-09-15T18:20:12.931+02:00","recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd19/opus/mrmcd19-196-deu-AE-DIR_-_das_paranoide_IAM_fuer_DevOps_opus.opus","url":"https://api.media.ccc.de/public/recordings/40193","event_url":"https://api.media.ccc.de/public/events/0d9112f3-d8b0-5cf3-adf0-842be6380d20","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd19"},{"size":70,"length":4595,"mime_type":"audio/mpeg","language":"deu","filename":"mrmcd19-196-deu-AE-DIR_-_das_paranoide_IAM_fuer_DevOps_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2019-09-15T18:20:58.314+02:00","recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd19/mp3/mrmcd19-196-deu-AE-DIR_-_das_paranoide_IAM_fuer_DevOps_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/40194","event_url":"https://api.media.ccc.de/public/events/0d9112f3-d8b0-5cf3-adf0-842be6380d20","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd19"},{"size":153,"length":4595,"mime_type":"video/mp4","language":"deu","filename":"mrmcd19-196-deu-AE-DIR_-_das_paranoide_IAM_fuer_DevOps_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-09-15T18:35:44.530+02:00","recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd19/h264-sd/mrmcd19-196-deu-AE-DIR_-_das_paranoide_IAM_fuer_DevOps_sd.mp4","url":"https://api.media.ccc.de/public/recordings/40195","event_url":"https://api.media.ccc.de/public/events/0d9112f3-d8b0-5cf3-adf0-842be6380d20","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd19"},{"size":267,"length":4595,"mime_type":"video/webm","language":"deu","filename":"mrmcd19-196-deu-AE-DIR_-_das_paranoide_IAM_fuer_DevOps_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-09-15T19:01:11.887+02:00","recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd19/webm-sd/mrmcd19-196-deu-AE-DIR_-_das_paranoide_IAM_fuer_DevOps_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/40196","event_url":"https://api.media.ccc.de/public/events/0d9112f3-d8b0-5cf3-adf0-842be6380d20","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd19"},{"size":633,"length":4595,"mime_type":"video/webm","language":"deu","filename":"mrmcd19-196-deu-AE-DIR_-_das_paranoide_IAM_fuer_DevOps_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-09-15T20:36:35.380+02:00","recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd19/webm-hd/mrmcd19-196-deu-AE-DIR_-_das_paranoide_IAM_fuer_DevOps_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/40197","event_url":"https://api.media.ccc.de/public/events/0d9112f3-d8b0-5cf3-adf0-842be6380d20","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd19"}]}