Changes between Version 86 and Version 87 of Internal/Rbac/OrbitRbacDesign
- Timestamp:
- Sep 11, 2006, 9:18:40 PM (18 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Internal/Rbac/OrbitRbacDesign
v86 v87 70 70 It seems to be a good idea to pursue the server-pull architecture because of temporal constraints and to avoid certificate revocation issues. If it decided otherwise to use a user-pull architecture, secure cookies [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/diss-jean.pdf Par99]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park00secure.pdf PS00b]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park99rbac.pdf PSG99]] and smart X.509 certificates [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p1-park.pdf PS99a]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/smart-certificates-extending-x-1.pdf PS99b]] [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/park00binding.pdf PS00a]] are the two methods used. Ahn, Sandhu, Kang, and Park discuss a proof-of-concept implemention of a user-pull architectured, web-based workflow system in [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/2928_1724_76-10-01.pdf ASKP00]]. 71 71 72 Park, Sandhu, and Ahn summarize the issued in implementing RBAC Web in [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p37-park.pdf PSA01]]. 72 Park, Sandhu, and Ahn summarize the issued in implementing RBAC Web in [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/p37-park.pdf PSA01]]. Shin, Ahn, and Park further demonstrate an application of Directory Service Markup Language (DSML) to implement RBAC with XML to facilitate collaboration within or beyond a single enterprise boundary, improving upon the previous LDAP-oriented solution [[http://orbit-lab.org/attachment/wiki/Internal/Rbac/RbacResources/01045125.pdf SAP02]]. 73 73 74 74 This design assumes that user authentication will be handled separately and will be reliable. It also assumes that ORBIT users will protect their passwords and not intentionally loan them to others. These two assumptions allow a person to be related to a user id.
