Changes between Version 10 and Version 11 of Internal/Rbac/OrbitRbacDesign/ThreatAnalysis


Ignore:
Timestamp:
Sep 12, 2006, 2:26:37 PM (18 years ago)
Author:
hedinger
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Internal/Rbac/OrbitRbacDesign/ThreatAnalysis

    v10 v11  
    55Because ORBIT is designed to be operated as a service available to the research community, no one experiment should affect a future one, and each project must be protected from other projects.
    66
     7In fact, access control has to center on projects.  Resources like data files belong to projects not users.  Roles would be role types expressed in the context of a given project.  Controlling access might involve not granting access to a user that once was a member of a project, and in fact ran the experiment that created the data file in question, but no longer is a member.  Controlling access also would be a way to limit or cease work on a project if need be. 
     8
    79It is assumed that all members of a given project can see all of that project's scripts, programs and data, but not all scripts, programs and data belonging to each member of the project.
     10
     11The privileges of users and of projects has made more explicit on the ORBIT system.  One complication is that scripts and programs are often shared across projects.  Such shared resources couild be considered objects common to ORBIT, but some might want to restrict the projects with which they are shared.
     12
     13One rationale for using dynamic instead of static separation of duty is to not impose overburdensome restrictions on the roles allowed for a few users on a small project.  There are many small ORBIT projects.  A given user might be an Adminstrator on one project and just a User on two others.  Dynamic separation of duty allows a user to act in two conflicting roles on a single project at two different times.
     14
     15Adopting dynamic separation of duty implies the use possible less but perhaps more care assigning roles, but it also gives rise to the need log accesses to resources of concern and to check those logs as regularly as required by the cause of the concern.
    816
    917List of possible threats
     
    2634Are there any requirements related to version control?  Is it safe to assume that each project will keep track of it?
    2735
     36Although it does not seem likely with the current ORBIT resouces, it is possible that access to some resources (instruments) might be limited to protect them from overuse or damage or just to keep the in calibration.
     37
    2838Are there any other threats that might require the use of RBAC with ORBIT?
    2939