Changes between Version 85 and Version 86 of Internal/Rbac/OrbitRbacDesign


Ignore:
Timestamp:
Sep 11, 2006, 9:00:58 PM (18 years ago)
Author:
hedinger
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Internal/Rbac/OrbitRbacDesign

    v85 v86  
    6262Ryutov, Neuman, Kim, and Zhou discuss integrating intrusion detection with access control for Web servers for a number of implementations [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01233707.pdf RNKZ03]].
    6363
     64Shin, Ahn, Cho, and Jin describe !RolePartner, "a system whose purpose is to help manage a valid set of roles with assigned users and permissions for role-based authorization infrastructures.  An LDAP-accessible directory service was used for a role database."  It suppports only static separation of duty [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1121-shin.pdf SACJ04]].
     65
     66
    6467=== Design Issues ===
    6568In  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] Park, Ahn and Sandhu write "Park and Sandhu identify and describe two different approaches for obtaining a user's attributes on the Web: user-pull and server-pull architectures [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] .  They classify these architectures based on "Who pulls the user's attributes?"  In the user-pull architecture, the user pulls her attributes from the attribute server then presents them to the Web servers, which use those attributes for their purposes.  In the server-pull architecture, each Web server pulls user's attributes from the attribute server as needed and uses them for its purposes."  LDAP may be used in either approach [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]].