Changes between Version 121 and Version 122 of Internal/Rbac/OrbitRbacDesign
- Timestamp:
- Sep 14, 2006, 8:29:27 PM (18 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Internal/Rbac/OrbitRbacDesign
v121 v122 6 6 There is one book [[http://www.amazon.com/gp/product/1580533701/ FKC03]] and a surprisingly large number of articles, papers, PhD theses, and web sites that touch on aspects of the design and implementation of role-based access control for ORBIT. Many of these sources are theoretical in nature, although some of the theoretical work includes implementation of tools to specify and check user-role assignments and constraints. Some of the papers address administrative issues. The following sources discuss RBAC implementation issues. 7 7 8 Ferraiolo, Barkley, and Kuhn's paper describes the features of RBAC including dynamic separation of duty and their implementation of the NIST RBAC model RBAC/Web [wiki:NISTRBAC software] within a corporate intranet [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p34-ferraiolo.pdf FBK99]]. Ferraiolo, Chandramouli, Ahn, and Gavrila describe the Role Control Center tool [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p12-ferraiolo.pdf FCAG03]].8 Ferraiolo, Barkley, and Kuhn's paper describes the features of RBAC including dynamic separation of duty and their implementation of the NIST RBAC model RBAC/Web [wiki:NISTRBACSoftware NIST RBAC Software] within a corporate intranet [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p34-ferraiolo.pdf FBK99]]. Ferraiolo, Chandramouli, Ahn, and Gavrila describe the Role Control Center tool [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p12-ferraiolo.pdf FCAG03]]. 9 9 10 10 Georgiadis, Mavridis, Pangalos, and Thomas discuss the use of contextual information with team-based access control for collaborative activities best accomplished by teams of users. Users who belong to a team are given access to resources used by a team. However, the effective permissions of a user are derived from permission types defined for roles that the user belongs to. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p21-georgiadis.pdf GMPT01]]. This work is based on that of Thomas [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p13-thomas.pdf Tho97]] and [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i97tbac.pdf TS98]].