Changes between Version 18 and Version 19 of Internal/Rbac
Timestamp: Oct 6, 2006, 4:20:24 PM (18 years ago)
Internal/Rbac
v18 v19 3 3 Role-Based Access Control (RBAC) will be used by ORBIT to ''control'' each user's ''access'' to ORBIT resources based on his or her ''role''. RBAC promises simpler administration of access control than maintaining access control lists for each resource. It enables an organization to enforce separation of duty, the principle of least privilege and timely revocation of trust. Because it is based on a formal model, a given assignment of users to roles may be checked for consistency with the organization's security design goals. 4 4 5 RBAC is being implemented in ORBIT to protect a project's information from access or disruption by other projects, to minimize some problems with projects, and to provide tools for project administration by each project's Principal Investigator.5 RBAC is being implemented in ORBIT to protect a project's information from access or disruption by other projects, to minimize some problems within projects, and to provide tools for project administration by each project's Principal Investigator. 6 6 7 7 To explain RBAC's specific use of roles, first some terminology. In normal, scheduled operation, ORBIT is designed to insure that each person using an ORBIT resource is allowed to do so at that time. The Lightweight Directory Access Protocol (LDAP) is used by ORBIT to ''authenticate'' each user's password when he or she logs into an ORBIT controller or server. LDAP authentication and the proper use of ORBIT user id's and passwords allows each user id to be related to a single human user although a single person may have one or more ORBIT user id's. Each ORBIT user id may be logged into one or more sessions, and during each session there may well be multiple computer processes initiated by the user. A ''process'' is an instance of a user running an application program like a spreadsheet, editor or browser.
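Review bot: the unchanged paragraph at line 7 still reads "ORBIT is designed to insure that each person using an ORBIT resource is allowed to do so", where "ensure" is meant, and it writes the plural as "user id's" three times. Since this revision is already a wording fix on line 5 ("with projects" to "within projects"), correct those in the same edit. In the same paragraph, "LDAP authentication and the proper use of ORBIT user id's and passwords allows" has a compound subject and should take "allow". Line 7 also says one person "may have one or more ORBIT user id's" while line 3 says access is controlled per user by role; it would help to state whether roles attach to the user id or to the person, because the separation-of-duty claim on line 3 depends on that.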