You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2014/10/27 16:14:41 UTC
svn commit: r1634562 - in /directory/site/trunk/content/fortress/user-guide:
1.3-what-rbac-is.mdtext images/ANSIRBAC-Spec.png images/RbacCore.png
images/RbacDSD.png images/RbacHier.png images/RbacSSD.png
Author: elecharny
Date: Mon Oct 27 15:14:40 2014
New Revision: 1634562
URL: http://svn.apache.org/r1634562
Log:
Added a UG page with images
Added:
directory/site/trunk/content/fortress/user-guide/1.3-what-rbac-is.mdtext
directory/site/trunk/content/fortress/user-guide/images/ANSIRBAC-Spec.png (with props)
directory/site/trunk/content/fortress/user-guide/images/RbacCore.png (with props)
directory/site/trunk/content/fortress/user-guide/images/RbacDSD.png (with props)
directory/site/trunk/content/fortress/user-guide/images/RbacHier.png (with props)
directory/site/trunk/content/fortress/user-guide/images/RbacSSD.png (with props)
Added: directory/site/trunk/content/fortress/user-guide/1.3-what-rbac-is.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/fortress/user-guide/1.3-what-rbac-is.mdtext?rev=1634562&view=auto
==============================================================================
--- directory/site/trunk/content/fortress/user-guide/1.3-what-rbac-is.mdtext (added)
+++ directory/site/trunk/content/fortress/user-guide/1.3-what-rbac-is.mdtext Mon Oct 27 15:14:40 2014
@@ -0,0 +1,51 @@
+Title: 1.3 - What ANSI RBAC is
+NavPrev: 1.2-what-is-not-rbac.html
+NavPrevText: 1.2 - What ANSI RBAC is not
+NavUp: 1-intro-rbac.html
+NavUpText: 1 - An Introduction to Role-Based Access Control ANSI INCITS 359-2004
+NavNext: 1.4-why-rbac-is-important.html
+NavNextText: 1.4 - Why is ANSI RBAC Important?
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+# 1.3 - What ANSI RBAC is
+
+There is more to RBAC than using a Role object during policy enforcement.
+
+* ANSI INCITS 359-2001, [http://profsandhu.com/journals/tissec/ANSI+INCITS+359-2004.pdf](http://profsandhu.com/journals/tissec/ANSI+INCITS+359-2004.pdf) - The ANSI specification describes RBAC and provides functional specifications in Z-notation.
+
+![ANSI RBAC Specification](images/ANSIRBAC-Spe.png)
+
+* RBAC0 - Users, Roles, Permissions (Objects-Operations), Sessions - Form the Core of ANSI RBAC. Role activation and Permissions mapped to Object->Operation pairing are key facets of the basic ANSI RBAC model.
+
+![](images/RbacCore.png)
+
+* RBAC1 - Hierarchical Roles - Encourages proper role engineering. Parent roles are Business Roles while child roles map to IT Roles. Role hierarchies should be many-to-many or multi-inheritance.
+
+![](images/RbacHier.png)
+
+* RBAC2 - Static Separation of Duties - Used to limit the privilege of users to within normal boundaries. SSD constraints are applied at role assignment time.
+
+![](images/RbacSSD.png)
+
+* RBAC3 - Dynamic Separation of Duties - Enforces constraints on what functions may used together at any point in time. DSD constraints may be used to enforce strict controls during multi-step approval processes. DSD constraints are applied at role activation time.
+
+![](images/RbacDSD.png)
+
+* Well defined APIs that can be shared across projects and application development teams.
+
+* Well defined data model. Easily created and replicated across the enterprise.
Added: directory/site/trunk/content/fortress/user-guide/images/ANSIRBAC-Spec.png
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/fortress/user-guide/images/ANSIRBAC-Spec.png?rev=1634562&view=auto
==============================================================================
Binary file - no diff available.
Propchange: directory/site/trunk/content/fortress/user-guide/images/ANSIRBAC-Spec.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: directory/site/trunk/content/fortress/user-guide/images/RbacCore.png
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/fortress/user-guide/images/RbacCore.png?rev=1634562&view=auto
==============================================================================
Binary file - no diff available.
Propchange: directory/site/trunk/content/fortress/user-guide/images/RbacCore.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: directory/site/trunk/content/fortress/user-guide/images/RbacDSD.png
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/fortress/user-guide/images/RbacDSD.png?rev=1634562&view=auto
==============================================================================
Binary file - no diff available.
Propchange: directory/site/trunk/content/fortress/user-guide/images/RbacDSD.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: directory/site/trunk/content/fortress/user-guide/images/RbacHier.png
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/fortress/user-guide/images/RbacHier.png?rev=1634562&view=auto
==============================================================================
Binary file - no diff available.
Propchange: directory/site/trunk/content/fortress/user-guide/images/RbacHier.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: directory/site/trunk/content/fortress/user-guide/images/RbacSSD.png
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/fortress/user-guide/images/RbacSSD.png?rev=1634562&view=auto
==============================================================================
Binary file - no diff available.
Propchange: directory/site/trunk/content/fortress/user-guide/images/RbacSSD.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream