Hi OSGi devs, I do have some problems with the semantics in the OSGi User Admin specs, perhaps you could help me. In the 107.3 OSGi User Admin (OUA) is referred to a "role-based model", but for me it's not really that generic and intuitive. The further details and examples feel somehow more like a group-based model.
Has anyone implement a real RBAC [1] based on the OUA, what would be the right way to do this? First idea: - discard the Group interface - use the Role interface and Role.ROLE type for all hierarchical roles - use role properties for permissions, why aren't UserAdminPermissions used in authorization context for role permissions/action groups? - implement a different Authorization context, so that roles imply the users of their parent roles Non hierarchical RBAC seem possible though, in this case a role maps to an "action group". [1] http://en.wikipedia.org/wiki/Role-based_access_control Thanks in advance, Martin --------------------------------------------------------- Martin Petzold • Technical Consultant ProSyst Software GmbH D-50858 Cologne, Germany • Duerener Strasse 405 Tel. +49 (0)221 6604 405 • Fax +49 (0)221 6604 660 Mobile +49 (0)163 6604 405 http://www.prosyst.com • [email protected] --------------------------------------------------------- stay in touch with your product. --------------------------------------------------------- _______________________________________________ OSGi Developer Mail List [email protected] https://mail.osgi.org/mailman/listinfo/osgi-dev
