You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2014/10/27 16:41:22 UTC
svn commit: r927050 - in /websites/staging/directory/trunk/content: ./
fortress/user-guide/1.3-what-rbac-is.html
Author: buildbot
Date: Mon Oct 27 15:41:22 2014
New Revision: 927050
Log:
Staging update by buildbot for directory
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/fortress/user-guide/1.3-what-rbac-is.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Oct 27 15:41:22 2014
@@ -1 +1 @@
-1634562
+1634577
Modified: websites/staging/directory/trunk/content/fortress/user-guide/1.3-what-rbac-is.html
==============================================================================
--- websites/staging/directory/trunk/content/fortress/user-guide/1.3-what-rbac-is.html (original)
+++ websites/staging/directory/trunk/content/fortress/user-guide/1.3-what-rbac-is.html Mon Oct 27 15:41:22 2014
@@ -177,23 +177,33 @@
<ul>
<li>ANSI INCITS 359-2001, <a href="http://profsandhu.com/journals/tissec/ANSI+INCITS+359-2004.pdf">http://profsandhu.com/journals/tissec/ANSI+INCITS+359-2004.pdf</a> - The ANSI specification describes RBAC and provides functional specifications in Z-notation. </li>
</ul>
-<p><img alt="ANSI RBAC Specification" src="images/ANSIRBAC-Spe.png" /></p>
+<p><CENTER>
+<img alt="ANSI RBAC" src="images/ANSIRBAC-Spe.png" />
+</CENTER></p>
<ul>
<li>RBAC0 - Users, Roles, Permissions (Objects-Operations), Sessions - Form the Core of ANSI RBAC. Role activation and Permissions mapped to Object->Operation pairing are key facets of the basic ANSI RBAC model.</li>
</ul>
-<p><img alt="" src="images/RbacCore.png" /> </p>
+<p><CENTER>
+<img alt="The Core" src="images/RbacCore.png" />
+</CENTER></p>
<ul>
<li>RBAC1 - Hierarchical Roles - Encourages proper role engineering. Parent roles are Business Roles while child roles map to IT Roles. Role hierarchies should be many-to-many or multi-inheritance.</li>
</ul>
-<p><img alt="" src="images/RbacHier.png" /> </p>
+<p><CENTER>
+<img alt="Hierarchical RBAC" src="images/RbacHier.png" />
+</CENTER></p>
<ul>
<li>RBAC2 - Static Separation of Duties - Used to limit the privilege of users to within normal boundaries. SSD constraints are applied at role assignment time.</li>
</ul>
-<p><img alt="" src="images/RbacSSD.png" /> </p>
+<p><CENTER>
+<img alt="Static Separation of Duties" src="images/RbacSSD.png" />
+</CENTER></p>
<ul>
<li>RBAC3 - Dynamic Separation of Duties - Enforces constraints on what functions may used together at any point in time. DSD constraints may be used to enforce strict controls during multi-step approval processes. DSD constraints are applied at role activation time.</li>
</ul>
-<p><img alt="" src="images/RbacDSD.png" /> </p>
+<p><CENTER>
+<img alt="Dynamic Separation of Duties" src="images/RbacDSD.png" />
+</CENTER></p>
<ul>
<li>
<p>Well defined APIs that can be shared across projects and application development teams.</p>