This document outlines proposals for harmonizing security vocabulary related to role-based access control (RBAC) as discussed by Kathleen Connor from the VA (ESC) in February 2012. It includes an overview of authorization classes from a security perspective, highlighting the relationships between security roles, operations, and information references. The study also emphasizes that a basic policy comprises roles and permissions, with a clear distinction made between roles and composite permissions, including their components such as information objects and operations.
Security Vocabulary Proposals for March Harmonization
Kathleen Connor, VA (ESC)
February 2012
March Harmonization Vocabulary
RBAC Permission in DAM
Figure 1.1.1: Authorization (Role-based Access Control) Classes
DAM Security Perspective and RBAC Permission Side-by-Side

DAM Security Perspective
• Basic Policy is composed of:
  • [*] Security Role
  • [*] Operations
  • [*] Information Reference
    • Composed of [*] Information Object
• Security Role is not composed of any other class

RBAC Permission
• Permission is a composite object of Role
• Permission is composed of
  • [1..1] Information Object
  • [1..1] Operation