Changes between Version 110 and Version 111 of Internal/Rbac/OrbitRbacDesign


Ignore:
Timestamp:
Sep 12, 2006, 4:51:01 PM (18 years ago)
Author:
hedinger
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Internal/Rbac/OrbitRbacDesign

    v110 v111  
    66There is one book [[http://www.amazon.com/gp/product/1580533701/ FKC03]] and a surprisingly large number of articles, papers, PhD theses, and web sites that touch on aspects of the design and implementation of role-based access control for ORBIT.  Many of these sources are theoretical in nature, although some of the theoretical work includes implementation of tools to specify and check user-role assignments and constraints.  Some of the papers address administrative issues.  The following sources discuss RBAC implementation issues.
    77
    8 Ferraiolo, Barkley, and Kuhn's paper describes RBAC including dynamic separation of duty and their implementation of the NIST RBAC model RBAC/Web within a corporate intranet [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p34-ferraiolo.pdf FBK99]].  Ferraiolo, Chandramouli, Ahn, and Gavrila describe the Role Control Center tool [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p12-ferraiolo.pdf FCAG03]].
     8Ferraiolo, Barkley, and Kuhn's paper describes the features of RBAC including dynamic separation of duty and their implementation of the NIST RBAC model RBAC/Web within a corporate intranet [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p34-ferraiolo.pdf FBK99]].  Ferraiolo, Chandramouli, Ahn, and Gavrila describe the Role Control Center tool [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p12-ferraiolo.pdf FCAG03]].
    99
    1010Georgiadis, Mavridis, Pangalos, and Thomas discuss the use of contextual information with team-based access control for collaborative activities best accomplished by teams of users. Users who belong to a team are given access to resources used by a team. However, the effective permissions of a user are derived from permission types defined for roles that the user belongs to. [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p21-georgiadis.pdf GMPT01]].  This work is based on that of Thomas [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p13-thomas.pdf Tho97]] and [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i97tbac.pdf TS98]].