Context Navigation

OrbitRbacDesign

Timestamp:: Sep 11, 2006, 6:26:57 PM (18 years ago)
Author:: hedinger
Comment:: —

Legend:

: Unmodified
: Added
: Removed
: Modified

Internal/Rbac/OrbitRbacDesign

-              v70
+              v71
 Kern, Schaad, and Moffett describe the Enterprise Role-Based Access Control Model (ERBAC) and its implementatin in commercial enterprise security management software SAM Jupiter [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p3-kern.pdf KSM03]].
+Marston describes radicore, an RBAC system for PHP at [[http://www.tonymarston.net/php-mysql/role-based-access-control.html Mar04]].  This Rapid Application Development Toolkit for building administrative Web applications is distributed under the GNU General Public License.
 === Design Issues ===
 In  [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/i01-kluwer01-jpark.pdf PAS01]] Park, Ahn and Sandhu write "Park and Sandhu identified two different approaches for obtaining a user's attributes on the Web: user-pull and server-pull architectures [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] .  They classified these architectures based on "Who pulls the user's attributes?"  In the user-pull architecture, the user pulls her attributes from the attribute server then presents them to the Web servers, which use those attributes for their purposes.  In the server-pull architecture, each Web server pulls user's attributes from the attribute server as needed and uses them for its purposes."  It seems to be a good idea to pursue the server-pull architecture because of temporal constraints and to avoid certificate revocation issues.