Context Navigation

OrbitRbacDesign

-              v115
+              v116
 Zao, Wee, Chu, and Jackson used ALLOY, a lightweight formal modelling system to develop an RBAC schema debugger [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/RBAC-1.pdf ZWCJ02]].
+Cholewka, Botha, and Eloff did a prototype implementation of a context-sensitive access control with separation of duty [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/IC_003.pdf CBE00]].
 === Design Issues ===
 In  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] Park, Ahn and Sandhu write "Park and Sandhu identify and describe two different approaches for obtaining a user's attributes on the Web: user-pull and server-pull architectures [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] .  They classify these architectures based on "Who pulls the user's attributes?"  In the user-pull architecture, the user pulls her attributes from the attribute server then presents them to the Web servers, which use those attributes for their purposes.  In the server-pull architecture, each Web server pulls user's attributes from the attribute server as needed and uses them for its purposes."  LDAP may be used in either approach [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]].