Changes between Version 5 and Version 6 of Internal/Rbacinternal


Timestamp: Jul 27, 2006, 4:01:44 PM (18 years ago)
Author: hedinger
Comment:

  • Internal/Rbacinternal

    v5 v6  
    11= LDAP and RBAC Documents =
    2 The Lightweight Directory Access Protocol (LDAP) is used by Orbit to ''authenticate'' each user's password when he or she logs into an Orbit controller or server.  LDAP authentication and the proper use of Orbit user id's and passwords allows each user id to be related to a single human user.  A single person may have one or more Orbit user id's.  Each Orbit user id may be logged into one or more sessions, and during each session there are multiple serial or parallel computer processes initiated by the user.  A ''process'' is the operation of an application program like a spreadsheet, editor or browser.
     2The Lightweight Directory Access Protocol (LDAP) is used by Orbit to ''authenticate'' each user's password when he or she logs into an Orbit controller or server.  LDAP authentication and the proper use of Orbit user id's and passwords allows each user id to be related to a single human user.  A single person may have one or more Orbit user id's.  Each Orbit user id may be logged into one or more sessions, and during each session there may be multiple computer processes initiated by the user.  A ''process'' is the operation of an application program like a spreadsheet, editor or browser.
    33
    4 Role-Based Access Control (RBAC) will be used by Orbit to ''control'' each user's ''access'' to Orbit resources based on his or her ''role''.  To explain how RBAC will work, first some terminology.  An application program or process acting on behalf of a user is referred to as a ''subject''.  An ''object'' is any resource accessible on a computer system, including peripherals, files, databases, and fields in a database.  An ''operation'' is an active part of a process invoked by the subject process much like a function call or a method invocation.  A ''permission'' or privilege is the authorization to perform some action on the system.  In RBAC, a permission involves the authorization to perform a given operation on a given object.  The use of roles to control access is based on the observation that there may be thousands of users in a given organization, but there are perhaps only a hundred different roles they act in at any given time to access resources.  Users are assigned to one or more roles and each role has defined permissions for operations issued on behalf of a process run by a user acting in that role to access a given object.
     4Role-Based Access Control (RBAC) will be used by Orbit to ''control'' each user's ''access'' to Orbit resources based on his or her ''role''.  To explain RBAC, first some terminology.  When a user runs an application program that process acts on behalf of the user and is referred to as a ''subject''.  An ''object'' is any resource accessible on a computer system, including peripherals, files, databases, and fields in a database.  An ''operation'' is an active part of a process invoked by the subject process much like a function call or a method invocation.  In general, a ''permission'' or privilege is the authorization to perform some action on the system.  In RBAC, a permission is the authorization to perform a given operation on a given object.  The use of roles to control access is based on the observation that there may be thousands of users in a given organization, but there are perhaps only a hundred different roles they act in at any given time to access resources.  Users are assigned to one or more roles.  Each role has defined permissions for operations invoked by a process run by a user acting in that role to access a given object.
    55 
    66== LDAP Version 2 documents ==
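Review bot: in the new line 4, "Users are assigned to one or more roles" leaves "user" ambiguous, because line 2 states that a single person may have one or more Orbit user id's. Say whether a role is assigned to the Orbit user id or to the person, since that decides whether one person can collect permissions across several ids and whether the per-session role ("a user acting in that role") is tied to the id that logged in. In the same line, "When a user runs an application program that process acts on behalf of the user" needs a comma after "program", and "that process" has nothing to refer back to; "When a user runs an application program, the resulting process acts on behalf of the user" would read cleanly. The Comment field for this revision is empty, so a one-line change comment noting that this is a wording cleanup of the LDAP and RBAC paragraphs would help later readers of the history.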