Changes between Version 12 and Version 13 of Internal/Rbac/OrbitRbacDesign/ThreatAnalysis


Ignore:
Timestamp:
Sep 18, 2006, 8:27:32 PM (18 years ago)
Author:
hedinger
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Internal/Rbac/OrbitRbacDesign/ThreatAnalysis

    v12 v13  
    11[[TOC(Internal/Rbac, Internal/Rbac/OrbitRbacLevels, Internal/Rbac/OrbitRbacDesign, Internal/Rbac/OrbitRbacDesign/ThreatAnalysis, Internal/Rbac/OrbitRbacDesign/AuditingTools, Internal/Rbac/OrbitRbacDesign/ConsistencyChecking, Internal/Rbac/OrbitRbacDesign/NistRbacSoftware, Internal/Rbac/OrbitRbacDesign/SolarisRbac, Internal/Rbac/OrbitRbacDesign/OasisRbac, Internal/Rbac/OrbitRbacDesign/DesignByWiki, Internal/Rbac/OrbitRbacDesign/OpenIssues, Internal/Rbac/LdapResources, Internal/Rbac/RbacResources)]]
    22==== ORBIT Threat Analysis ====
    3 The primary motivation for using role-based access control with the ORBIT Testbed is to insure that every user has sufficient access to each and every ORBIT resource that he or she needs to perform each phase of an experiment without giving each user root privileges.  Each identifiable task of each phase of each type of experiment could be a role, and a user need only have certain privileges when acting in a given role.
     3The primary motivation for using role-based access control with the ORBIT Testbed is to insure that every user has sufficient access to each and every ORBIT resource that he or she needs to perform each phase of an experiment without giving each user root privileges.  Each identifiable task of each phase of each type of experiment could be a role, and a user need only have certain privileges when acting in a given role.
     4
     5A longer term goal is to automate the administration of projects and project members using RBAC's administrative functions.  Once a project was defined and a Project Leader assigned to it, that Project Leader would be able to add ORBIT users and add project members and assign them roles within the project as he or she sees fit. 
    46
    57Because ORBIT is designed to be operated as a service available to the research community, no one experiment should affect a future one, and each project must be protected from other projects.