Subject: Re: regrep Security
Krishna, I think access control should work out relatively smoothly - after Tokyo - provided that our granularity doesn't get too fine. We have a notion of ownership with respect to who should have control over what registry objects. In my mind we get: The Registration Authority (RA) is the superowner and has system privileges The Submitting Organization (SO) owns everything they submitted The SO can Modify anything they submitted provided it doesn't adversely affect an object submitted by someone else - this can be controlled by how we define the effect of Registry Services. The General Public can't modify anything. Other RA's may not be able to modify anything but they may be able to see things that SO's and the General Public are not generally able to see, e.g. administrative information. etc. We have at least the following roles to consider: General Public - e.g. Web Browsers SO's RA's from other RegRep installations RO's (Responsible organizations) Named as such by SO's when submitting things. I'd be very cautious about defining too many other roles, since it could get very complex very quickly. -- Len At 11:43 AM 10/2/00 , Krishna Sankar wrote: >Hi all, > > Just as a TO DO Item (post Tokyo), does it make sense to provide some sort >of security mechanisms around the objects in the regrep ? My favorite is of >course, role based access control (rbac paradigms). > > cheers ************************************************************** Len Gallagher LGallagher@nist.gov NIST Work: 301-975-3251 Bldg 820 Room 562 Home: 301-424-1928 Gaithersburg, MD 20899-8970 USA Fax: 301-948-6213 **************************************************************
Powered by
eList eXpress LLC