Old Release

This documentation covers an old version of Fedora.

UNDER DEVELOPMENT

Role-based access control is a common pattern in security, providing extensible role-specific behavior while retaining straightforward management. This module creates a standard API to assign and query roles on Fedora objects.

Objects do not have permissions specified in their properties;  rather, objects have roles assigned, and then permissions are mapped onto roles elsewhere.  This makes it much easier to manage permissions globally:  rarely will masses of objects need to be updated if their permissions change.  Only the role-to-permission mapping will be updated.

The module does not define the set of roles that may be assigned. If you choose to configure a set of supported roles, then the roles assigned via this API will be validated.

Order of operation:

  • A user comes into the system.  They are assigned a principal:
    • If they authenticate through some authentication gateway, then their principal may be generated from some of the person's attributes;
    • If they don't authenticate, then they may be assigned a default principal (such as "guest").
      • Question:  do we have default principals?  Or only a default role, which is assigned if no principal is available?
  • The principal is then mapped onto one or more roles.  Roles are basically bundles of permissions.
  • The user then makes a request for a given object. The Fedora PDP (Policy Decision Point) will then query the object for the roles it has assigned, compare that to the roles the user has attached to their principal, determine the permissions the user has on the given object, and approve or deny the specific request.
  • Based on the decision returned from the PDP, the Fedora PEP (Policy Enforcement Point) will approve or deny the request.

This module assigns roles to generic security principals, i.e. any class that implements java.security.Principal. Roles are serialized and matched against the principal name, a string property of the principal. All the principals used in your repository environment must have unique names. Other than that, you may use whatever principals you wish. This module does not validate principal names.
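
The flow above as an added Java sketch, not Fedora's own code or API: objects carry only principal-name-to-role assignments, a separate global table maps roles to permissions, and the decision matches on `Principal.getName()`. The class names, the role names (`reader`, `writer`) and the permission names (`read`, `write`) are hypothetical.

```java
import java.security.Principal;
import java.util.*;

// Added illustration; class, role and permission names are hypothetical, not Fedora's API.
public class RoleDecisionSketch {
    // Global role-to-permission mapping, kept apart from the objects themselves.
    static final Map<String, Set<String>> ROLE_PERMISSIONS = new HashMap<>();
    // Optional configured role set; when non-empty, assignments are validated against it.
    static final Set<String> SUPPORTED_ROLES = new HashSet<>();

    // One repository object: stores only principal name -> roles, never permissions.
    static class RepoObject {
        final Map<String, Set<String>> rolesByPrincipalName = new HashMap<>();
        void assign(String principalName, String role) {
            if (!SUPPORTED_ROLES.isEmpty() && !SUPPORTED_ROLES.contains(role)) {
                throw new IllegalArgumentException("unsupported role: " + role);
            }
            rolesByPrincipalName.computeIfAbsent(principalName, k -> new HashSet<>()).add(role);
        }
    }

    // PDP step: roles are matched on Principal.getName(); anything unmatched is denied.
    static boolean decide(Set<Principal> principals, RepoObject obj, String permission) {
        for (Principal p : principals) {
            for (String role : obj.rolesByPrincipalName.getOrDefault(p.getName(), Set.of())) {
                if (ROLE_PERMISSIONS.getOrDefault(role, Set.of()).contains(permission)) {
                    return true;
                }
            }
        }
        return false;
    }

    public static void main(String[] args) {
        SUPPORTED_ROLES.addAll(List.of("reader", "writer"));
        ROLE_PERMISSIONS.put("reader", Set.of("read"));
        ROLE_PERMISSIONS.put("writer", Set.of("read", "write"));
        RepoObject obj = new RepoObject();
        obj.assign("alice", "writer");
        obj.assign("guest", "reader");
        Principal alice = () -> "alice";  // Principal's only abstract method is getName()
        Principal guest = () -> "guest";
        System.out.println("alice write: " + decide(Set.of(alice), obj, "write"));
        System.out.println("guest write: " + decide(Set.of(guest), obj, "write"));
        // Changing only the global mapping changes the decision; the object is untouched.
        ROLE_PERMISSIONS.put("reader", Set.of("read", "write"));
        System.out.println("guest write after remap: " + decide(Set.of(guest), obj, "write"));
    }
}
```

Because matching is on the name string alone, two principal types that yield the same name receive the same roles, which is why principal names must be unique across the repository environment.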
