Posted to jetspeed-dev@portals.apache.org by "Grinshtein, Artem" <Ar...@t-systems.com> on 2004/06/07 16:21:50 UTC

[J2] group and role hierarchy

Hello All,

IMHO, the term "hierarchical" is not clearly defined in Jetspeed.  There is more than one meaning for hierarchical roles/groups according to http://www.doc.ic.ac.uk/~ecl1/papers/rbac99.pdf.
For example, there are 3 hierarchical roles:
-R1
--R1.1
--R1.2
with permissions:
grant R1 { permission P1 }
grant R1.1 { permission P2 }
grant R1.2 { permission P3 }

By a generalisation hierarchy ("is a"-hierarchy):
R1 has [P1]
R1 has [P1,P2]
R1 has [P1,P3]

and by an aggregation hierarchy ("part of")
R1 has [P1,P2,P3]
R1 has [P2]
R1 has [P3].

What type of hierarchy will be supported? Does it make any sense to support different types?

Regards,
Artem







---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Re: [J2] group and role hierarchy

Posted by David Le Strat <dl...@yahoo.com>.
Artem,

You are absolutely correct.  We need to tackle this.
The current implementation does not do a good job at
this yet. Patches are welcome ;)

I believe that the most common implementation is the
generalization strategy.  This should be the default
in my mind.  Supporting multiple strategies is, I
believe, a nice-to-have for now.  Thoughts?

Regards,

David.

--- "Grinshtein, Artem"
<Ar...@t-systems.com> wrote:
> Hello All,
> 
> IMHO, the term "hierarchical" is not clearly defined
> in Jetspeed.  There is more than one meaning for
> hierarchical roles/groups according to
> http://www.doc.ic.ac.uk/~ecl1/papers/rbac99.pdf.
> For example, there are 3 hierarchical roles:
> -R1
> --R1.1
> --R1.2
> with permissions:
> grant R1 { permission P1 }
> grant R1.1 { permission P2 }
> grant R1.2 { permission P3 }
> 
> By a generalisation hierarchy ("is a"-hierarchy):
> R1 has [P1]
> R1 has [P1,P2]
> R1 has [P1,P3]
> 
> and by an aggregation hierarchy ("part of")
> R1 has [P1,P2,P3]
> R1 has [P2]
> R1 has [P3].
> 
> What type of hierarchy will be supported? Does it
> make any sense to support different types?
> 
> Regards,
> Artem
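
The two strategies discussed in this thread, as an added example that is not part of either message and is not Jetspeed code: it resolves effective permissions for the R1 / R1.1 / R1.2 grants under both readings of "hierarchical". The class and method names are hypothetical, the parent/child relation is taken from the dotted role names, and reading the three result lines of each listing as R1, R1.1 and R1.2 is an assumption.

```java
import java.util.*;

// Added illustration only; not the Jetspeed security API. Requires Java 9+ (Set.of).
public class RoleHierarchyDemo {
    enum Strategy { GENERALIZATION, AGGREGATION }

    // Direct grants from the thread. "R1.1" is treated as a child of "R1".
    static final Map<String, Set<String>> GRANTS = new TreeMap<>();
    static {
        GRANTS.put("R1", Set.of("P1"));
        GRANTS.put("R1.1", Set.of("P2"));
        GRANTS.put("R1.2", Set.of("P3"));
    }

    // True when 'ancestor' sits above 'role' in the dotted naming scheme.
    static boolean isAncestor(String ancestor, String role) {
        return role.startsWith(ancestor + ".");
    }

    // Effective permissions of one role under the chosen hierarchy semantics.
    static Set<String> effective(String role, Strategy s) {
        Set<String> out = new TreeSet<>(GRANTS.getOrDefault(role, Set.of()));
        for (Map.Entry<String, Set<String>> e : GRANTS.entrySet()) {
            String other = e.getKey();
            // "is a": a role inherits what its ancestors were granted.
            boolean inherit = s == Strategy.GENERALIZATION && isAncestor(other, role);
            // "part of": a role collects what its descendants were granted.
            boolean collect = s == Strategy.AGGREGATION && isAncestor(role, other);
            if (inherit || collect) {
                out.addAll(e.getValue());
            }
        }
        return out;
    }

    public static void main(String[] args) {
        for (Strategy s : Strategy.values()) {
            System.out.println(s);
            for (String role : GRANTS.keySet()) {
                System.out.println("  " + role + " has " + effective(role, s));
            }
            // The same grants give opposite answers to the same access question.
            System.out.println("  holder of R1 may use P3:   " + effective("R1", s).contains("P3"));
            System.out.println("  holder of R1.1 may use P1: " + effective("R1.1", s).contains("P1"));
        }
    }
}
```

Because the two access checks flip between strategies, switching the default on an existing deployment silently widens some roles and narrows others, so existing grants need to be re-reviewed against whichever semantics is chosen.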