[JBoss AS 7 Development] - ManagementLayer RBAC
by Heiko Braun
Heiko Braun [https://community.jboss.org/people/heiko.braun] modified the document:
"ManagementLayer RBAC"
To view the document, visit: https://community.jboss.org/docs/DOC-47854
--------------------------------------------------------------
Role based access control to the AS7 management layer.
When defining an RBAC model, the following conventions are useful:
* S = Subject = A person or automated agent
* R = Role = Job function or title which defines an authority level
* P = Permissions = An approval of a mode of access to a resource
* SE = Session = A mapping involving S, R and/or P
*Generic Requirements*
* Provide a usable (in terms of complexity), yet comprehensive base model
* Provide a set of out-of-the-box roles & permissions that reflect common authorization requirements
* Allow customization/extension of the default scheme (i.e. custom permissions, permission granularity)
* Provide the management operations to retrieve session information (i.e. roles assigned, permissions granted, etc)
* Clearly distinguish security exceptions from other operation errors (i.e. custom response headers)
* Mappability with existing authorisation schemes (i.e. JON)
*Specific Requirements*
+Provide an authorization scheme that distinguishes structural & behavioural permission+:
* structural permissions: control access to resources (i.e. restrict visibility of server groups)
* behavioural permission: control execution on resources (i.e. lock down certain operations, distinguish read & read/write access)
*Use cases*
See https://community.jboss.org/docs/DOC-47856 (RBACUsecases)
*Advanced Topics*
- Context based access control: i.e. Taking the connection into consideration
- Support for role hierarchies: i.e. structuring roles to reflect an organization's lines of authority and responsibility
- Role constraints: i.e. mutually exclusive roles
- RBAC to manage RBAC itself
--------------------------------------------------------------
Comment by going to Community
[https://community.jboss.org/docs/DOC-47854]
Create a new document in JBoss AS 7 Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=102&c...]
11 years, 5 months
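As an added illustration, not part of the original message and not AS7 code, the sketch below models the requirements listed above: structural versus behavioural permissions, role inheritance, mutually exclusive roles, and a security exception kept separate from ordinary operation errors. The role and server-group names and the `SecurityViolation`, `Role`, `open_session` and `execute` helpers are hypothetical.

```python
from dataclasses import dataclass

class SecurityViolation(Exception):
    """Authorization failure, kept distinct from ordinary operation errors."""
    def __init__(self, kind, message):
        super().__init__(message)
        self.kind = kind  # "structural", "behavioural" or "constraint"

@dataclass
class Role:
    name: str
    grants: dict          # resource -> set of operations allowed on it
    parents: tuple = ()   # role hierarchy: inherit the parents' grants

    def effective(self):
        merged = {res: set(ops) for res, ops in self.grants.items()}
        for parent in self.parents:
            for res, ops in parent.effective().items():
                merged.setdefault(res, set()).update(ops)
        return merged

# Constructed sample data; role and server-group names are hypothetical.
RESOURCES = {"main-server-group", "other-server-group"}
MONITOR = Role("monitor", {"main-server-group": {"read"}})
OPERATOR = Role("operator", {"main-server-group": {"write"}}, parents=(MONITOR,))
AUDITOR = Role("auditor", {"main-server-group": {"read"}, "other-server-group": {"read"}})
MUTUALLY_EXCLUSIVE = [{"operator", "auditor"}]

def open_session(subject, roles):
    """SE: bind a subject S to roles R and the permissions P they yield."""
    names = {role.name for role in roles}
    for pair in MUTUALLY_EXCLUSIVE:
        if pair <= names:
            raise SecurityViolation("constraint", f"{sorted(pair)} are mutually exclusive")
    permissions = {}
    for role in roles:
        for res, ops in role.effective().items():
            permissions.setdefault(res, set()).update(ops)
    return {"subject": subject, "roles": sorted(names), "permissions": permissions}

def execute(session, operation, resource):
    if resource not in RESOURCES:
        raise LookupError(f"no such resource: {resource}")  # ordinary error
    allowed = session["permissions"].get(resource)
    if allowed is None:  # structural: the resource is not visible at all
        raise SecurityViolation("structural", f"{resource} is not visible")
    if operation not in allowed:  # behavioural: visible, operation locked down
        raise SecurityViolation("behavioural", f"{operation} denied on {resource}")
    return f"{operation} {resource}: ok"
```

Permissions are stored per resource, so combining roles in one session never lets an operation granted on one resource leak onto another.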
[JBoss AS 7 Development] - ManagementLayer RBAC
by Heiko Braun
Heiko Braun [https://community.jboss.org/people/heiko.braun] modified the document:
"ManagementLayer RBAC"
To view the document, visit: https://community.jboss.org/docs/DOC-47854
--------------------------------------------------------------
Role based access control to the AS7 management layer.
When defining an RBAC model, the following conventions are useful:
* S = Subject = A person or automated agent
* R = Role = Job function or title which defines an authority level
* P = Permissions = An approval of a mode of access to a resource
* SE = Session = A mapping involving S, R and/or P
*Generic Requirements*
* Provide a usable (in terms of complexity), yet comprehensive base model
* Provide a set of out-of-the-box roles & permissions that reflect common authorization requirements
* Allow customization/extension of the default scheme (i.e. custom permissions, permission granularity)
* Provide the management operations to retrieve session information (i.e. roles assigned, permissions granted, etc)
* Clearly distinguish security exceptions from other operation errors (i.e. custom response headers)
*Specific Requirements*
+Provide an authorization scheme that distinguishes structural & behavioural permission+:
* structural permissions: control access to resources (i.e. restrict visibility of server groups)
* behavioural permission: control execution on resources (i.e. lock down certain operations, distinguish read & read/write access)
*Use cases*
See https://community.jboss.org/docs/DOC-47856 (RBACUsecases)
*Advanced Topics*
- Context based access control: i.e. Taking the connection into consideration
- Support for role hierarchies: i.e. structuring roles to reflect an organization's lines of authority and responsibility
- Role constraints: i.e. mutually exclusive roles
- RBAC to manage RBAC itself
--------------------------------------------------------------
11 years, 5 months
[JBoss AS 7 Development] - ManagementLayer RBAC
by Heiko Braun
Heiko Braun [https://community.jboss.org/people/heiko.braun] modified the document:
"ManagementLayer RBAC"
To view the document, visit: https://community.jboss.org/docs/DOC-47854
--------------------------------------------------------------
Role based access control to the AS7 management layer.
When defining an RBAC model, the following conventions are useful:
* S = Subject = A person or automated agent
* R = Role = Job function or title which defines an authority level
* P = Permissions = An approval of a mode of access to a resource
* SE = Session = A mapping involving S, R and/or P
*Generic Requirements*
* Provide a usable (in terms of complexity), yet comprehensive base model
* Provide a set of out-of-the-box roles & permissions that reflect common authorization requirements
* Allow customization/extension of the default scheme (i.e. custom permissions, permission granularity)
* Provide the management operations to retrieve session information (i.e. roles assigned, permissions granted, etc)
*Specific Requirements*
+Provide an authorization scheme that distinguishes structural & behavioural permission+:
* structural permissions: control access to resources (i.e. restrict visibility of server groups)
* behavioural permission: control execution on resources (i.e. lock down certain operations, distinguish read & read/write access)
*Advanced Use Cases / Considerations*
- Context based access control: i.e. Taking the connection into consideration
- Support for role hierarchies: i.e. structuring roles to reflect an organization's lines of authority and responsibility
- Role constraints: i.e. mutually exclusive roles
- RBAC to manage RBAC itself
--------------------------------------------------------------
11 years, 5 months
[JBoss AS 7 Development] - ManagementLayer RBAC
by Heiko Braun
Heiko Braun [https://community.jboss.org/people/heiko.braun] modified the document:
"ManagementLayer RBAC"
To view the document, visit: https://community.jboss.org/docs/DOC-47854
--------------------------------------------------------------
Role based access control to the AS7 management layer.
When defining an RBAC model, the following conventions are useful:
* S = Subject = A person or automated agent
* R = Role = Job function or title which defines an authority level
* P = Permissions = An approval of a mode of access to a resource
*Generic Requirements*
- Provide a usable (in terms of complexity), yet comprehensive base model
- Provide a set of out-of-the-box roles & permissions that reflect common authorization requirements
- Allow customization/extension of the default scheme (i.e. custom permissions, permission granularity)
*Specific Requirements*
- Provide an authorization scheme that distinguishes structural & behavioural permission:
> structural permissions: control access to resources (i.e. restrict visibility of server groups)
> behavioural permission: control execution on resources (i.e. lock down certain operations, distinguish read & read/write access)
*Advanced Use Cases / Considerations*
- Context based access control: i.e. Taking the connection into consideration
- Support for role hierarchies: i.e. structuring roles to reflect an organization's lines of authority and responsibility
- Role constraints: i.e. mutually exclusive roles
- RBAC to manage RBAC itself
--------------------------------------------------------------
11 years, 5 months
[JBoss AS 7 Development] - ManagementLayer RBAC
by Heiko Braun
Heiko Braun [https://community.jboss.org/people/heiko.braun] modified the document:
"ManagementLayer RBAC"
To view the document, visit: https://community.jboss.org/docs/DOC-47854
--------------------------------------------------------------
Role based access control to the AS7 management layer.
When defining an RBAC model, the following conventions are useful:
* S = Subject = A person or automated agent
* R = Role = Job function or title which defines an authority level
* P = Permissions = An approval of a mode of access to a resource
*Generic Requirements*
- Provide a usable (in terms of complexity), yet comprehensive base model
- Provide a set of out-of-the-box roles & permissions that reflect common authorization requirements
- Allow customization/extension of the default scheme (i.e. custom permissions, permission granularity)
*Specific Requirements*
- [...]
*Advanced Use Cases / Considerations*
- Context based access control: i.e. Taking the connection into consideration
- Support for role hierarchies: i.e. structuring roles to reflect an organization's lines of authority and responsibility
- Role constraints: i.e. mutually exclusive roles
- RBAC to manage RBAC itself
--------------------------------------------------------------
11 years, 5 months
[JBoss AS 7 Development] - ManagementLayer RBAC
by Heiko Braun
Heiko Braun [https://community.jboss.org/people/heiko.braun] modified the document:
"ManagementLayer RBAC"
To view the document, visit: https://community.jboss.org/docs/DOC-47854
--------------------------------------------------------------
Role based access control to the AS7 management layer.
When defining an RBAC model, the following conventions are useful:
* S = Subject = A person or automated agent
* R = Role = Job function or title which defines an authority level
* P = Permissions = An approval of a mode of access to a resource
*Generic Requirements*
- Provide a usable (in terms of complexity), yet comprehensive base model
- Allow customization/extension of the default scheme (i.e. custom permissions, permission granularity)
*Specific Requirements*
- [...]
*Advanced Use Cases / Considerations*
- Context based access control: i.e. Taking the connection into consideration
- Support for role hierarchies: i.e. structuring roles to reflect an organization's lines of authority and responsibility
- Role constraints: i.e. mutually exclusive roles
- RBAC to manage RBAC itself
--------------------------------------------------------------
11 years, 5 months