Changes between Version 10 and Version 11 of Internal/Rbacinternal


Timestamp:
Jul 27, 2006, 4:46:56 PM (18 years ago)
Author:
hedinger
  • Internal/Rbacinternal

    v10 v11  
    66Role-Based Access Control (RBAC) will be used by Orbit to ''control'' each user's ''access'' to Orbit resources based on his or her ''role''.  To explain this use of roles, first some terminology.  When a user runs an application program that process acts on behalf of the user and is referred to as a ''subject''.  An ''object'' is any resource accessible on a computer system, including peripherals, files, databases, and fields in a database.  An ''operation'' is an active part of a process invoked by the subject process much like a function call or a method invocation.  In general, a ''permission'' or privilege is the authorization to perform some action on the system.  In RBAC, a permission is the authorization to perform a given operation on a given object.  The use of roles to control access is based on the observation that there may be thousands of users in a given organization, but there are perhaps only a hundred different roles they act in at any given time to access resources.  Users are assigned to one or more roles.  Each role has a defined set of permissions, each for an operation invoked by a process run by a user acting in that role to access a given object.
    77
    8 As with any access control mechanism, role-based access control will have some performance penalties.  Role-based access control should provide sufficiently flexible control with acceptable performance for reasonable administrative cost.  In ORBIT, the role-based access control will be implemented using the mechanisms provided by LDAP.  It is expected that this implementation will have acceptable performance while providing the desired security.
     8As with any access control mechanism, role-based access control will have some performance penalties.  Role-based access control should provide sufficiently flexible control with acceptable performance for reasonable administrative cost.  In ORBIT, role-based access control will be implemented using mechanisms provided by LDAP.  It is expected that this implementation will have acceptable performance while providing the desired security.
    99 
    1010== LDAP Version 2 documents ==
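Review bot: The rewritten line 8 still spells the project name "ORBIT" while the unchanged line 6 uses "Orbit"; since this edit only drops two articles from that paragraph, it is a good place to settle on one spelling. The same paragraph says role-based access control "will be implemented using mechanisms provided by LDAP" and expects "acceptable performance" without naming which LDAP mechanisms are meant or what threshold counts as acceptable. Stating both would let a reader verify the security and performance claim against the design.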