Changes between Version 35 and Version 36 of Internal/Rbac/OrbitRbacDesign

Timestamp:

Sep 8, 2006, 10:06:56 PM (18 years ago)

Author:

hedinger

Comment:

—

Internal/Rbac/OrbitRbacDesign

@@ -22 +22 @@
 Bhatti, Ghafoor, Bertino and Joshi implemented a policy administration process for the XML-based X-GTRBAC architecture [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p187-bhatti.pdf BGBJ05]].  Bhatti, Joshi, Bertino, and Ghafoor discuss a Java-based application with dynamic XML-based Web services [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ICWS_2003.pdf BJBG03]].  Bhatti, Joshi, Bertino, and Ghafoor address decentralized administration of enterprise-wide access a control [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p78-bhatti.pdf BJBG04]].
 
+Brooks discusses the Tivoli implementin of RBAC in [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p71-brooks.pdf Bro99]].
+
 === Design Issues ===
 In  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] Park, Ahn and Sandhu write "Park and Sandhu identified two different approaches for obtaining a user's attributes on the Web: user-pull and server-pull architectures [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] .  They classified these architectures based on "Who pulls the user's attributes?"  In the user-pull architecture, the user pulls her attributes from the attribute server then presents them to the Web servers, which use those attributes for their purposes.  In the server-pull architecture, each Web server pulls user's attributes from the attribute server as needed and uses them for its purposes."  It seems to be a good idea to pursue the server-pull architecture because of temporal constraints and to avoid certificate revocation issues.