Changes between Version 3 and Version 4 of Internal/Rbac/OrbitRbacDesign


Ignore:
Timestamp:
Aug 31, 2006, 7:40:07 PM (18 years ago)
Author:
hedinger
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Internal/Rbac/OrbitRbacDesign

    v3 v4  
    22== ORBIT RBAC Design ==
    33=== Implementation Issues ===
    4 In   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] Park, Ahn and Sadhu write "Park and Sandhu identified two different approaches for obtaining a user's attributes on the Web: user-pull and server-pull architectures [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] .  They classified these architectures based on "Who pulls the user's attributes?"  In the user-pull architecture, the user pulls her attributes from the attribute server then presents them to the Web servers, which use those attributes for their purposes.  In the server-pull architecture, each Web server pulls user's attributes from the attribute server as needed and uses them for its purposes."
     4In   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] Park, Ahn and Sandhu write "Park and Sandhu identified two different approaches for obtaining a user's attributes on the Web: user-pull and server-pull architectures [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] .  They classified these architectures based on "Who pulls the user's attributes?"  In the user-pull architecture, the user pulls her attributes from the attribute server then presents them to the Web servers, which use those attributes for their purposes.  In the server-pull architecture, each Web server pulls user's attributes from the attribute server as needed and uses them for its purposes."
    55
    66=== Design Issues ===
    77This design assumes that user authentication will be handled separately and will be reliable.  It also assumes that ORBIT users will protect their passwords and not intentionally loan them to others.  These two assumptions allow a person to be related to a user id.
    88
    9 It is assumed that access control is only related to scheduling in so far as repecting time limits for access to the grid or sandboxes.
     9It is assumed that access control is only related to scheduling in so far as respecting time limits for access to the grid or sandboxes.
    1010
    1111It is assumed that access control will not need to interact with cost accounting.  It is assumed that any denial of access to overdrawn users will be enforced by user authentication.
     
    1313If it is required to enforce project-level denial of access due to cost considerations it might be possible to enforce it when an already authorized user attempts to select that project or when he or she accesses an object with a cost associated with it.
    1414
    15 Does hierachical RBAC solve the seeming need to have per-project instances of each role for per-project resources like its results files?
     15Does hierarchical RBAC solve the seeming need to have per-project instances of each role for per-project resources like its results files?
    1616
    1717 * [wiki:Internal/Rbac/OrbitRbacDesign/ThreatAnalysis Threat Analysis for ORBIT]