Changes between Version 49 and Version 50 of Internal/Rbac/OrbitRbacDesign


Ignore:
Timestamp:
Sep 11, 2006, 2:33:34 PM (18 years ago)
Author:
hedinger
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Internal/Rbac/OrbitRbacDesign

    v49 v50  
    3232Chou describes a Java-based implemention of RBAC with dynamic role switching [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2143.pdf Cho05]].
    3333
     34Chadwick and Otenko implemented the PERMIS X.509 role-based privilege management infrastructure using LDAP [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p135-chadwick.pdf CO02a]].
     35
     36
     37
    3438=== Design Issues ===
    3539In  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] Park, Ahn and Sandhu write "Park and Sandhu identified two different approaches for obtaining a user's attributes on the Web: user-pull and server-pull architectures [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] .  They classified these architectures based on "Who pulls the user's attributes?"  In the user-pull architecture, the user pulls her attributes from the attribute server then presents them to the Web servers, which use those attributes for their purposes.  In the server-pull architecture, each Web server pulls user's attributes from the attribute server as needed and uses them for its purposes."  It seems to be a good idea to pursue the server-pull architecture because of temporal constraints and to avoid certificate revocation issues.