Posted to user@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2011/05/12 20:46:08 UTC

Roles, Permissions, and Access Control

For those that might want a better backstory on Shiro's approach to
permissions and why it exists, or if you'd like to understand them
better, I created the following blog article:

The New RBAC: Resource-Based Access Control:
http://www.katasoft.com/blog/2011/05/09/new-rbac-resource-based-access-control

I hope it helps people new to Shiro (or new to security in general)
better understand this very powerful feature that has been supported
in Shiro since day one.

Cheers,

-- 
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com

Re: Roles, Permissions, and Access Control

Posted by Pastore_Italy <m....@datasiel.net>.
Hi,
I appreciate your post.
I would like to suggest that you cite the NIST RBAC Section
(http://csrc.nist.gov/groups/SNS/rbac/) and the RBAC reference model
(http://csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf)
that was the basis of the ANSI INCITS 359 2004 standard.

How does Shiro's implementation of RBAC compare to the above standard? What
level does it implement (base, hierarchical, constrained)? What is foreseen in
the roadmap regarding RBAC and SAML/XACML?

Is there any tool to manage Role and Permission configuration?

Do you know any other open source project that is dealing with RBAC and/or
XACML, apart from OpenRBAC, Fortress and the SUN XACML implementation?

Thanks for your kind attention
Maurizio
