Changes between Version 13 and Version 14 of Internal/Rbac


Ignore:
Timestamp:
Oct 6, 2006, 4:00:48 PM (18 years ago)
Author:
anonymous
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Internal/Rbac

    v13 v14  
    99Two special constraints are needed with role-based access control for ORBIT.  A primary goal of ORBIT's is to insure each user has access to data and results only for his or her project(s).  Second, use of the grid and sandboxes is scheduled and control of access to each of them has to be integrated with the ORBIT scheduler.
    1010
    11 As with any access control mechanism, role-based access control will have some performance penalties.  Role-based access control should provide sufficiently flexible control with acceptable performance for reasonable administrative cost.  In ORBIT, role-based access control will be implemented using mechanisms provided by LDAP.  It is expected that this implementation will have acceptable performance while providing the desired security.
     11As with any access control mechanism, role-based access control will have some performance penalties.  Role-based access control should provide sufficiently flexible control with acceptable performance for reasonable administrative cost.  In ORBIT, role-based access control will be implemented using LDAP.  Besides authenticating users, a schema will be developed for a directory of projects and roles.  ORBIT RBAC will also require modifications to the services that control ORBIT resources so that access to the methods those servicess present to users can be controlled. Further, a monitor based on the NIST RBAC/Web code is needed to grant access to users when accessing these methods.  It is expected that this implementation will have acceptable performance while providing the desired levels of privacy and administrative capability.
    1212
    1313The rest of the wiki pages for the ORBIT Role-Based Access Control project are organized as follows.  The [wiki:Internal/Rbac/OrbitRbacLevels RBAC Reference Model] page briefly describes the core, hierarchical, static separation of duty and dynamic separation of duty components of the RBAC specification.  The [wiki:Internal/Rbac/OrbitRbacDesign ORBIT RBAC Design] page and its subsidiary pages contain design issues and decisions.  The [wiki:Internal/Rbac/LdapResources LDAP Resources] and [wiki:Internal/Rbac/RbacResources RBAC Resources] pages each briefly describe important sources then give a fairly comprehensive list of references.  All of the bracketed wiki references like  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ANSI+INCITS+359-2004.pdf Ame04]] are on the [wiki:Internal/Rbac/RbacResources RBAC Resources] page.