Changes between Version 6 and Version 7 of Internal/Rbac/OrbitRbacDesign


Ignore:
Timestamp:
Sep 8, 2006, 4:55:28 PM (18 years ago)
Author:
hedinger
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Internal/Rbac/OrbitRbacDesign

    v6 v7  
    11[[TOC(Internal/Rbac, Internal/Rbac/OrbitRbacLevels, Internal/Rbac/OrbitRbacDesign, Internal/Rbac/OrbitRbacDesign/ThreatAnalysis, Internal/Rbac/OrbitRbacDesign/AuditingTools, Internal/Rbac/OrbitRbacDesign/ConsistencyChecking, Internal/Rbac/OrbitRbacDesign/NistRbacSoftware, Internal/Rbac/OrbitRbacDesign/SolarisRbac, Internal/Rbac/OrbitRbacDesign/OasisRbac, Internal/Rbac/OrbitRbacDesign/DesignByWiki, Internal/Rbac/OrbitRbacDesign/OpenIssues, Internal/Rbac/LdapResources, Internal/Rbac/RbacResources)]]
    22== ORBIT RBAC Design ==
     3=== Background ===
     4Siswati Swami's Requirements Specifications for ORBIT Access Control [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Specs2.pdf Swa06]] Requirements Specifications for ORBIT Access Control. Technical report, Rutgers University, New Brunswick, New Jersey USA, June 2006. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Specs2.doc in MS Word format]] has analyzed the roles that ORBIT users might assume and produced a role versus resource matrix
     5
    36=== Implementation Issues ===
    47In   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] Park, Ahn and Sandhu write "Park and Sandhu identified two different approaches for obtaining a user's attributes on the Web: user-pull and server-pull architectures [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] .  They classified these architectures based on "Who pulls the user's attributes?"  In the user-pull architecture, the user pulls her attributes from the attribute server then presents them to the Web servers, which use those attributes for their purposes.  In the server-pull architecture, each Web server pulls user's attributes from the attribute server as needed and uses them for its purposes."