Changes between Version 107 and Version 108 of Internal/Rbac/OrbitRbacDesign


Ignore:
Timestamp:
Sep 12, 2006, 3:45:52 PM (18 years ago)
Author:
hedinger
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Internal/Rbac/OrbitRbacDesign

    v107 v108  
    3434Chandramouli describes a framework for multiple authorization types in a healthcare application in [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/chandramouli01framework.pdf Cha01]], and in [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/ACM_XML_Paper_Final.pdf Cha00]] Chandramouli describes the specification and validation of an XML-based enterprise access control model, and in   [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/access_validate.pdf Cha03]] Chandramouli extends this work to annotating XML schema for policy contraints.
    3535
    36 Chou describes a Java-based implemention of RBAC with dynamic role switching [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2143.pdf Cho05]].
     36Chou describes a Java-based implementation of RBAC with dynamic role switching [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2143.pdf Cho05]].
    3737
    3838Chadwick and Otenko implemented the PERMIS X.509 role-based privilege management infrastructure using Java, XML and LDAP [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p135-chadwick.pdf CO02a]], [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/chadwickRBAC509.pdf CO02b]], and [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/Sec2002Final.pdf CO02c]].  Chadwick, Otenko, and Ball also describe this implementation [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/InternetComputingPaperv4.pdf COB04]].
     
    7979In  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] Park, Ahn and Sandhu write "Park and Sandhu identify and describe two different approaches for obtaining a user's attributes on the Web: user-pull and server-pull architectures [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] .  They classify these architectures based on "Who pulls the user's attributes?"  In the user-pull architecture, the user pulls her attributes from the attribute server then presents them to the Web servers, which use those attributes for their purposes.  In the server-pull architecture, each Web server pulls user's attributes from the attribute server as needed and uses them for its purposes."  LDAP may be used in either approach [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]].
    8080
    81 It seems to be a good idea to pursue the server-pull architecture because of temporal constraints and to avoid certificate revocation issues.  If it decided otherwise to use a user-pull architecture, secure cookies [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-jean.pdf Par99]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park00secure.pdf PS00b]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park99rbac.pdf PSG99]] and smart X.509 certificates [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1-park.pdf PS99a]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park00binding.pdf PS00a]] are the two methods used.  Ahn, Sandhu, Kang, and Park discuss a proof-of-concept implemention of a user-pull architected, web-based workflow system in  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2928_1724_76-10-01.pdf ASKP00]].
     81It seems to be a good idea to pursue the server-pull architecture because of temporal constraints and to avoid certificate revocation issues.  If it decided otherwise to use a user-pull architecture, secure cookies [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-jean.pdf Par99]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park00secure.pdf PS00b]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park99rbac.pdf PSG99]] and smart X.509 certificates [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1-park.pdf PS99a]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park00binding.pdf PS00a]] are the two methods used.  Ahn, Sandhu, Kang, and Park discuss a proof-of-concept implementation of a user-pull architected, web-based workflow system in  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2928_1724_76-10-01.pdf ASKP00]].
    8282
    8383Park, Sandhu, and Ahn summarize the issues in implementing RBAC on the Web in [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p37-park.pdf PSA01]].  Shin, Ahn, and Park further demonstrate an application of Directory Service Markup Language (DSML) to implement RBAC with XML to facilitate collaboration within or beyond a single enterprise boundary, improving upon the previous LDAP-oriented solution [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01045125.pdf SAP02]].