FWIW, has anyone checked out http://csrc.nist.gov/rbac/? Goodly collection
of whitepapers and stuff on the topic.

<excerpt>
One of the most challenging problems in managing large networked systems is
the complexity of security administration. Today, security administration is
costly and prone to error because administrators usually specify access
control lists for each user on the system individually. Role based access
control (RBAC) is a technology that is attracting increasing attention,
particularly for commercial applications, because of its potential for
reducing the complexity and cost of security administration in large
networked applications.

With RBAC, security is managed at a level that corresponds closely to the
organization's structure. Each user is assigned one or more roles, and each
role is assigned one or more privileges that are permitted to users in that
role. Security administration with RBAC consists of determining the
operations that must be executed by persons in particular jobs, and
assigning employees to the proper roles. Complexities introduced by mutually
exclusive roles or role hierarchies are handled by the RBAC software, making
security administration easier.
</excerpt>

Regards,
Kelvin
----- Original Message -----
From: Gonzalo A. Diethelm <[EMAIL PROTECTED]>
To: Turbine Developers List <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, January 21, 2002 8:22 PM
Subject: RE: First ideas for new security model


> > Dan Diephouse, could you summarize your ideas in a stand-alone posting?
> > We may be getting closer to a consensus, and it would be good to look
> > again at what you propose in full.
>
> Also, I think it would be good to keep in mind that it is probably
> a good idea that the design of the security system separates these
> concerns:
>
> 1. Authentication (log-in, log-out, password admin?)
> 2. Authorization (is this user allowed to do this)
> 3. Profiling (user preferences)
> 4. Administration (add, edit, remove users)
>
>
> --
> Gonzalo A. Diethelm
> [EMAIL PROTECTED]
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to