You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2014/10/27 16:14:46 UTC
svn commit: r927043 - in /websites/staging/directory/trunk/content: ./
fortress/user-guide/ fortress/user-guide/images/
Author: buildbot
Date: Mon Oct 27 15:14:46 2014
New Revision: 927043
Log:
Staging update by buildbot for directory
Added:
websites/staging/directory/trunk/content/fortress/user-guide/1.3-what-rbac-is.html
websites/staging/directory/trunk/content/fortress/user-guide/images/ANSIRBAC-Spec.png (with props)
websites/staging/directory/trunk/content/fortress/user-guide/images/RbacCore.png (with props)
websites/staging/directory/trunk/content/fortress/user-guide/images/RbacDSD.png (with props)
websites/staging/directory/trunk/content/fortress/user-guide/images/RbacHier.png (with props)
websites/staging/directory/trunk/content/fortress/user-guide/images/RbacSSD.png (with props)
Modified:
websites/staging/directory/trunk/content/ (props changed)
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Oct 27 15:14:46 2014
@@ -1 +1 @@
-1634560
+1634562
Added: websites/staging/directory/trunk/content/fortress/user-guide/1.3-what-rbac-is.html
==============================================================================
--- websites/staging/directory/trunk/content/fortress/user-guide/1.3-what-rbac-is.html (added)
+++ websites/staging/directory/trunk/content/fortress/user-guide/1.3-what-rbac-is.html Mon Oct 27 15:14:46 2014
@@ -0,0 +1,236 @@
+<!DOCTYPE html>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <title>1.3 - What ANSI RBAC is — Apache Directory</title>
+
+ <link href="./../../css/common.css" rel="stylesheet" type="text/css">
+ <link href="./../../css/turquoise.css" rel="stylesheet" type="text/css">
+
+
+ <link rel="shortcut icon" href="./../../images/fortress-icon_16x16.png">
+
+ <!-- Google Analytics -->
+ <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
+ <script type="text/javascript">
+ _uacct = "UA-1358462-1";
+ urchinTracker();
+ </script>
+ </head>
+ <body>
+ <div id="container">
+ <div id="header">
+ <div id="subProjectsNavBar">
+ <a href="./../../">
+
+ Apache Directory Project
+
+ </a>
+ |
+ <a href="./../../apacheds">
+
+ ApacheDS
+
+ </a>
+ |
+ <a href="./../../studio">
+
+ Apache Directory Studio
+
+ </a>
+ |
+ <a href="./../../api">
+
+ Apache LDAP API
+
+ </a>
+ |
+ <a href="./../../mavibot">
+
+ Mavibot
+
+ </a>
+ |
+ <a href="./../../escimo">
+
+ eSCIMo
+
+ </a>
+ |
+ <a href="./../../fortress">
+
+ <STRONG>Fortress</STRONG>
+
+ </a>
+ </div><!-- subProjectsNavBar -->
+ </div><!-- header -->
+ <div id="content">
+ <div id="leftColumn">
+
+<div id="navigation">
+
+ <ul>
+ <li>
+ <a href="http://bit.ly/1n9YlQT" target="_blank">
+ <img src="./../../images/ApacheConBudapest.png" width="125" height="125" alt="I'm Speaking at ApacheCon Europe 2014! Join me!" title="I'm Speaking at ApacheCon Europe 2014! Join me!" border="0" style="margin-bottom:-3px;"/>
+
+ </a>
+ </li>
+ </ul>
+ <h5>Fortress</h5>
+ <ul>
+ <li><a href="./../../fortress/">Home</a></li>
+ <li><a href="./../../fortress/">History</a></li>
+ <li><a href="./../../fortress/news.html">News</a></li>
+ </ul>
+ <h5>Downloads</h5>
+ <ul>
+ <!--li><a href="./../../fortress/downloads.html">Core 1.0.0-RC39</a> <IMG src="./../../images/new_badge.gif" alt="" style="margin-bottom:-3px;" border="0"></li>
+ <li><a href="./../../fortress/downloads.html">EnMasse 1.0.0-RC39</a> <IMG src="./../../images/new_badge.gif" alt="" style="margin-bottom:-3px;" border="0"></li>
+ <li><a href="./../../fortress/downloads.html">Commander 1.0.0-RC39</a> <IMG src="./../../images/new_badge.gif" alt="" style="margin-bottom:-3px;" border="0"></li>
+ <li><a href="./../../fortress/downloads.html">Realm 1.0.0-RC39</a> <IMG src="./../../images/new_badge.gif" alt="" style="margin-bottom:-3px;" border="0"></li>
+ <li><a href="./../../fortress/download-old-versions.html">Older versions</a></li-->
+ </ul>
+ <h5>Getting Started</h5>
+ <ul>
+ <li><a href="./../../fortress/vision.html">Vision</a></li>
+ <li><a href="./../../fortress/issues.html">Issues</a></li>
+ </ul>
+ <h5>Documentation</h5>
+ <ul>
+ <li><a href="./../../fortress/overview.html">Overview</a></li>
+ <li><a href="./../../fortress/quick-start.html">Quick Start</a></li>
+ <li><a href="./../../fortress/user-guide.html">Users Guide</a></li>
+ <!--li><a href="./../../fortress/gen-docs/latest/apidocs/">JavaDocs</a></li-->
+ <!--li><a href="./../../fortress/gen-docs/latest/xref/">Cross-Reference</a></li-->
+ <!--li><a href="./../../fortress/gen-docs/latest/">Generated Reports</a></li-->
+ <!--li><a href="./../../fortress/developer-guide.html">Developer Guide</a></li-->
+ </ul>
+
+
+ <h5>Support</h5>
+ <ul>
+ <li><a href="./../../mailing-lists-and-irc.html">Mailing Lists & IRC</a></li>
+ <li><a href="./../../sources.html">Sources</a></li>
+ <li><a href="./../../issue-tracking.html">Issue Tracking</a></li>
+ <li><a href="./../../commercial-support.html">Commercial Support</a></li>
+ </ul>
+ <h5>Community</h5>
+ <ul>
+ <li><a href="./../../contribute.html">How to Contribute</a></li>
+ <li><a href="./../../team.html">Team</a></li>
+ <li><a href="./../../original-project-proposal.html">Original Project Proposal</a></li>
+ <li><a href="./../../special-thanks.html" class="external-link" rel="nofollow">Special Thanks</a></li>
+ </ul>
+ <h5>About Apache</h5>
+ <ul>
+ <li><a href="http://www.apache.org/">Apache</a></li>
+ <li><a href="http://www.apache.org/licenses/">License</a></li>
+ <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+ <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+ <li><a href="http://www.apache.org/security/">Security</a></li>
+ </ul>
+
+</div><!-- navigation -->
+
+ </div><!-- leftColumn -->
+ <div id="rightColumn">
+
+
+ <div class="nav">
+ <div class="nav_prev">
+
+ <a href="1.2-what-is-not-rbac.html">1.2 - What ANSI RBAC is not</a>
+
+ </div>
+ <div class="nav_up">
+
+ <a href="1-intro-rbac.html">1 - An Introduction to Role-Based Access Control ANSI INCITS 359-2004</a>
+
+ </div>
+ <div class="nav_next">
+
+ <a href="1.4-why-rbac-is-important.html">1.4 - Why is ANSI RBAC Important?</a>
+
+ </div>
+ <div class="clearfix"></div>
+ </div>
+
+
+<h1 id="13-what-ansi-rbac-is">1.3 - What ANSI RBAC is</h1>
+<p>There is more to RBAC than using a Role object during policy enforcement.</p>
+<ul>
+<li>ANSI INCITS 359-2001, <a href="http://profsandhu.com/journals/tissec/ANSI+INCITS+359-2004.pdf">http://profsandhu.com/journals/tissec/ANSI+INCITS+359-2004.pdf</a> - The ANSI specification describes RBAC and provides functional specifications in Z-notation. </li>
+</ul>
+<p><img alt="ANSI RBAC Specification" src="images/ANSIRBAC-Spe.png" /></p>
+<ul>
+<li>RBAC0 - Users, Roles, Permissions (Objects-Operations), Sessions - Form the Core of ANSI RBAC. Role activation and Permissions mapped to Object->Operation pairing are key facets of the basic ANSI RBAC model.</li>
+</ul>
+<p><img alt="" src="images/RbacCore.png" /> </p>
+<ul>
+<li>RBAC1 - Hierarchical Roles - Encourages proper role engineering. Parent roles are Business Roles while child roles map to IT Roles. Role hierarchies should be many-to-many or multi-inheritance.</li>
+</ul>
+<p><img alt="" src="images/RbacHier.png" /> </p>
+<ul>
+<li>RBAC2 - Static Separation of Duties - Used to limit the privilege of users to within normal boundaries. SSD constraints are applied at role assignment time.</li>
+</ul>
+<p><img alt="" src="images/RbacSSD.png" /> </p>
+<ul>
+<li>RBAC3 - Dynamic Separation of Duties - Enforces constraints on what functions may used together at any point in time. DSD constraints may be used to enforce strict controls during multi-step approval processes. DSD constraints are applied at role activation time.</li>
+</ul>
+<p><img alt="" src="images/RbacDSD.png" /> </p>
+<ul>
+<li>
+<p>Well defined APIs that can be shared across projects and application development teams.</p>
+</li>
+<li>
+<p>Well defined data model. Easily created and replicated across the enterprise.</p>
+</li>
+</ul>
+
+
+ <div class="nav">
+ <div class="nav_prev">
+
+ <a href="1.2-what-is-not-rbac.html">1.2 - What ANSI RBAC is not</a>
+
+ </div>
+ <div class="nav_up">
+
+ <a href="1-intro-rbac.html">1 - An Introduction to Role-Based Access Control ANSI INCITS 359-2004</a>
+
+ </div>
+ <div class="nav_next">
+
+ <a href="1.4-why-rbac-is-important.html">1.4 - Why is ANSI RBAC Important?</a>
+
+ </div>
+ <div class="clearfix"></div>
+ </div>
+
+
+ </div><!-- rightColumn -->
+ <div id="endContent"></div>
+ </div><!-- content -->
+ <div id="footer">© 2003-2014, <a href="http://www.apache.org">The Apache Software Foundation</a> - <a href="./../../privacy-policy.html">Privacy Policy</a><br />
+ Apache Directory, ApacheDS, Apache Directory Server, Apache Directory Studio, Apache LDAP API, Apache Triplesec, Triplesec, Apache Mavibot, Mavibot, Apache eSCIMo, eSCIMo, Fortress, Apache Fortress, EnMasse,
+ Apache EnMasse, Apache, the Apache feather logo, and the Apache Directory project logos are trademarks of The Apache Software Foundation.
+ </div>
+ </div><!-- container -->
+ </body>
+</html>
Added: websites/staging/directory/trunk/content/fortress/user-guide/images/ANSIRBAC-Spec.png
==============================================================================
Binary file - no diff available.
Propchange: websites/staging/directory/trunk/content/fortress/user-guide/images/ANSIRBAC-Spec.png
------------------------------------------------------------------------------
svn:mime-type = image/png
Added: websites/staging/directory/trunk/content/fortress/user-guide/images/RbacCore.png
==============================================================================
Binary file - no diff available.
Propchange: websites/staging/directory/trunk/content/fortress/user-guide/images/RbacCore.png
------------------------------------------------------------------------------
svn:mime-type = image/png
Added: websites/staging/directory/trunk/content/fortress/user-guide/images/RbacDSD.png
==============================================================================
Binary file - no diff available.
Propchange: websites/staging/directory/trunk/content/fortress/user-guide/images/RbacDSD.png
------------------------------------------------------------------------------
svn:mime-type = image/png
Added: websites/staging/directory/trunk/content/fortress/user-guide/images/RbacHier.png
==============================================================================
Binary file - no diff available.
Propchange: websites/staging/directory/trunk/content/fortress/user-guide/images/RbacHier.png
------------------------------------------------------------------------------
svn:mime-type = image/png
Added: websites/staging/directory/trunk/content/fortress/user-guide/images/RbacSSD.png
==============================================================================
Binary file - no diff available.
Propchange: websites/staging/directory/trunk/content/fortress/user-guide/images/RbacSSD.png
------------------------------------------------------------------------------
svn:mime-type = image/png