I have some problems with these definitions that I have not had time
to write up comprehensibly but I would appreciate more discussion
before we put them on the web site.
I'd like to counter-propose that we use the definitions from the NIST
paper or, better, the standard which it has turned into instead. To me
they are a lot more self-contained and clearer. For instance, Alex's
definitions below use the term "principal" which I don't think he's
defined yet. I think there's a good chance that terms or definitions
that have been used by the research community for 10-15 years have
clearer definitions and fewer conceptual holes or redundancies than
terms or definitions we come up with even if based on common practice.
NIST paper:
http://csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf
ANSI standard based on this: (I have not read this yet):
http://www.techstreet.com/cgi-bin/detail?product_id=1151353
thanks
david jencks
On Oct 24, 2007, at 2:37 PM, Emmanuel Lecharny wrote:
Very clear.
Do we have those definitions on the web site, or should we inject
them?
On 10/24/07, Alex Karasulu <[EMAIL PROTECTED]> wrote:
Applications and Roles
---------------------------------
Application designers devise security permissions and roles specific to
applications. These roles represent a set of rights authorizing
principals to perform operations or access resources that must be
allowed to fulfill a specific coherent function within applications.
These rights to access resources are the permissions. The set of these
permissions, needed for a logical function to be conducted in the
application, is a role.
To be concise we extract the following glossary definitions:
Permission:
A right required by a system or application to authorize principals to
perform a specific operation or access a resource in some manner.
Role:
A set of permissions required by a principal to be authorized to
fulfill a logical function within a system or application.
Thanks,
Alex
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com