Changes between Version 26 and Version 27 of Internal/Rbac
- Timestamp:
- Oct 10, 2006, 2:06:08 PM (18 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Internal/Rbac
v26 v27 11 11 The use of roles to control access is based on the observation that there may be thousands of users in a given organization, but there are fewer than a hundred different roles they act in at any given time to access resources. Users are assigned to one or more roles. Each role has a defined set of permissions, each permission either allowing or disallowing an operation invoked by a subject process run by a user active in that role to be performed on a given object. 12 12 13 In ORBIT, role-based access control will be implemented using LDAP. Besides authenticating users, an LDAP schema will be developed for a directory of projects and roles. ORBIT RBAC will also require modifications to the services that control ORBIT resources so that access to the methods those servicess present to users can be controlled. Further, a monitor program based on the NIST RBAC/Web code is needed to grant access quickly to users when accessing these methods. It is expected that this implementation will have acceptable performance while providing the desired levels of protection and administrative capability. 13 In ORBIT, role-based access control will be implemented using LDAP. Besides authenticating users, an LDAP schema will be developed for a directory of projects and roles. In ORBIT roles will be expressed within projects. A given user be assigned one set of roles on a given project and a different set on another project. 14 15 Development of ORBIT RBAC will require modifications to the services that control ORBIT resources so that access to the methods those services present to users can be controlled. Further, a monitor program based on the NIST RBAC/Web code is needed to keep track of each user's active roles and to grant access quickly to users when accessing these methods. It is expected that this implementation will have acceptable performance while providing the desired levels of protection and administrative capability. 14 16 15 17 The rest of the wiki pages for the ORBIT Role-Based Access Control project are organized as follows. The [wiki:Internal/Rbac/OrbitRbacLevels RBAC Reference Model] page briefly describes the core, hierarchical, static separation of duty and dynamic separation of duty components of the RBAC specification. The [wiki:Internal/Rbac/OrbitRbacDesign ORBIT RBAC Design] page and its subsidiary pages contain design issues and decisions. The [wiki:Internal/Rbac/LdapResources LDAP Resources] and [wiki:Internal/Rbac/RbacResources RBAC Resources] pages each briefly describe important sources then give a fairly comprehensive list of references. All of the bracketed wiki references like [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ANSI+INCITS+359-2004.pdf Ame04]] are on the [wiki:Internal/Rbac/RbacResources RBAC Resources] page.