An access control architecture for managing large-scale network applications
Author: | Hemi Trickey, Alvin Barshefsky |
---|---|
Year of publication: | 2004 |
Subject: | Service (systems architecture); Hierarchy; Delegation; Computer science; Distributed computing; Access control; Application service provider; Privilege (computing); Inheritance (object-oriented programming); Network management; Electrical and Electronic Engineering; Computer network |
Source: | Bell Labs Technical Journal. 8:29-38 |
ISSN: | 1089-7089 |
DOI: | 10.1002/bltj.10084 |
Description: | We describe an access control architecture that targets large-scale network management solutions and other systems where there are many securable objects arranged in a natural hierarchy and where user roles are primarily broken down along a parallel hierarchy. In contrast to typical hierarchical role-based access control (HRBAC) systems, this design is based on a non-hierarchical role model connecting user groups, operations, and objects and infers privilege inheritance from the object hierarchy. Furthermore, this design treats user groups and user administrative operations in the same way as application objects and operations, enabling administrative delegation to arbitrary granularity with the same implicit role inheritance. This enables key use cases for large organizations or application service providers by allowing a single application instance to be shared among multiple noncoordinating users with fully delegated user management. We discuss the use of this design in a Lucent Worldwide Services (LWS) service offering. |
Database: | OpenAIRE |