Changes between Version 27 and Version 28 of Internal/Rbac


Timestamp:
Oct 10, 2006, 2:06:42 PM (18 years ago)
Author:
anonymous
Comment:

  • Internal/Rbac

    v27 v28  
    1111The use of roles to control access is based on the observation that there may be thousands of users in a given organization, but there are fewer than a hundred different roles they act in at any given time to access resources.  Users are assigned to one or more roles.  Each role has a defined set of permissions, each permission either allowing or disallowing an operation invoked by a subject process run by a user active in that role to be performed on a given object.
    1212
    13 In ORBIT, role-based access control will be implemented using LDAP.  Besides authenticating users, an LDAP schema will be developed for a directory of projects and roles.  In ORBIT roles will be expressed within projects.  A given user be assigned one set of roles on a given project and a different set on another project.
     13In ORBIT, role-based access control will be implemented using LDAP.  Besides authenticating users, an LDAP schema will be developed for a directory of projects and roles.  In ORBIT roles will be expressed within projects.  A given user may be assigned one set of roles on a given project and a different set on another project.
    1414
    1515Development of ORBIT RBAC will require modifications to the services that control ORBIT resources so that access to the methods those services present to users can be controlled. Further, a monitor program based on the NIST RBAC/Web code is needed to keep track of each user's active roles and to grant access quickly to users when accessing these methods.  It is expected that this implementation will have acceptable performance while providing the desired levels of protection and administrative capability.
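Review bot: On line 13, the corrected sentence now says a user may hold one set of roles on one project and a different set on another, but line 15 still describes the monitor as tracking "each user's active roles" with no mention of the project. Suggest stating that active roles are tracked per user and per project, so that a role activated on one project is never treated as granting access to another project's resources. A comma after "In ORBIT" in "In ORBIT roles will be expressed within projects" on the same line would also help readability.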