Questions on rbac (role based access control) in an RCP [message #70911] |
Wed, 26 July 2006 14:20  |
Eclipse User |
Originally posted by: denpark.cisco.com
Questions with rbac in the RCP.

**rbac = Role based access control - Security topic, within the
authorization (authZ) and authentication (authN) domain.

As of release 3.2, what is the prescribed technique to solve this problem? I
have read about and am familiar with the issues addressed in Neil
Bartlett's Eclipse-JAAS project (SourceForge), Kim Horne's EclipseCon '05
presentations on Activities/Roles, the UserAdmin and the UserPermissions
services currently present in the org.osgi.services API, as well as the
discussions that have been held on Equinox newsgroup threads between Phillip
Boron, Andre Oosthuizen, and Pascal Rapicault concerning this issue. I am
assuming that the osgi.services API is the planned/prescribed route for
addressing this problem. If this is true, can you point me to an example in
the 3.2/3.3 code base that I can use as a reference implementation? Is the
Higgins project something to look into for more answers on this issue or is
Trust a different problem domain? What can you tell me about using AOP
techniques as a way of solving this problem? It seems as though the
techniques that AOP introduces are a clean, elegant, and practical way of
implementing a solution for this problem space. Check out
http://www.manning-source.com/books/laddad/laddad_ch10.zip for more info on
using AOP techniques as a solution for authZ.

Any others that are interested in following this trail of activity -- here
are the relevant links:

http://www.osgi.org/documents/collateral/TechnicalWhitePaper2005osgi-sp-overview.pdf
http://bundles.osgi.org/javadoc/r2/org/osgi/service/useradmin/UserAdmin.html
http://wiki.eclipse.org/index.php/Equinox_Planning_-_3.3
http://www.ji.co.za/unplugged/?p=23
http://www.eclipse.org/equinox/incubator/security/SecurityConcerns.html
http://www.ji.co.za/unplugged/?p=45
http://www.eclipse.org/equinox/incubator/security/documents/osgicongress2005/habeck_pistoia_1012_1545.ppt
http://www.ji.co.za/unplugged/?p=32
http://www.eclipse.org/equinox/incubator/security/EJS/ejs.html
http://www.ji.co.za/unplugged/?p=25
http://www.eclipse.org/equinox/incubator/security/index.html
Re: Questions on rbac (role based access control) in an RCP [message #70941 is a reply to message #70911] |
Wed, 26 July 2006 14:42  |
Eclipse User |
Originally posted by: denpark.cisco.com
The problem is one that many should be familiar with, as it is a typical
requirement... let me know if I missed anything.

Here are the specifics:

* RCP application composed of a set of plugins
* set of end users
* set of roles (probably static)
* each end user has a set of roles, where the end user must have at least 1
  role
* each role should be mapped to some set of workbench parts, actions,
  perspectives, etc.
* each mapping that the role has should have a 'permissions' state variable,
  where the permission can either be read OR write
* each role should only see the specific set of workbench parts, actions,
  perspectives, etc. that is associated with their roles

Summary - superuser should see everything (full set), non-superuser should
see 'some' things (subset).

"Dennis Park" <denpark@cisco.com> wrote in message
news:ea8bpm$kte$1@utils.eclipse.org...
> Questions with rbac in the RCP.
>
> **rbac = Role based access control - Security topic, within the
> authorization (authZ) and authentication (authN) domain.
>
> As of release 3.2, what is the prescribed technique to solve this problem?
> I have read about and am familiar with the issues addressed in Neil
> Bartlett's Eclipse-JAAS project (SourceForge), Kim Horne's EclipseCon '05
> presentations on Activities/Roles, the UserAdmin and the UserPermissions
> services currently present in the org.osgi.services API, as well as the
> discussions that have been held on Equinox newsgroup threads between Phillip
> Boron, Andre Oosthuizen, and Pascal Rapicault concerning this issue. I
> am assuming that the osgi.services API is the planned/prescribed route for
> addressing this problem. If this is true, can you point me to an example
> in the 3.2/3.3 code base that I can use as a reference implementation? Is
> the Higgins project something to look into for more answers on this issue
> or is Trust a different problem domain? What can you tell me about using
> AOP techniques as a way of solving this problem? It seems as though the
> techniques that AOP introduces are a clean, elegant, and practical way of
> implementing a solution for this problem space. Check out
> http://www.manning-source.com/books/laddad/laddad_ch10.zip for more info
> on using AOP techniques as a solution for authZ.
>
> Any others that are interested in following this trail of activity -- here
> are the relevant links:
>
> http://www.osgi.org/documents/collateral/TechnicalWhitePaper2005osgi-sp-overview.pdf
> http://bundles.osgi.org/javadoc/r2/org/osgi/service/useradmin/UserAdmin.html
> http://wiki.eclipse.org/index.php/Equinox_Planning_-_3.3
> http://www.ji.co.za/unplugged/?p=23
> http://www.eclipse.org/equinox/incubator/security/SecurityConcerns.html
> http://www.ji.co.za/unplugged/?p=45
> http://www.eclipse.org/equinox/incubator/security/documents/osgicongress2005/habeck_pistoia_1012_1545.ppt
> http://www.ji.co.za/unplugged/?p=32
> http://www.eclipse.org/equinox/incubator/security/EJS/ejs.html
> http://www.ji.co.za/unplugged/?p=25
> http://www.eclipse.org/equinox/incubator/security/index.html
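
The requirement list in the post above, modelled as an added example in plain Java; it is not part of the original thread and uses no Eclipse or OSGi API. The role names, UI element ids and the rule that WRITE implies READ are assumptions made for illustration.

```java
import java.util.*;

public class RcpRbacSketch {
    // Declared weakest to strongest; assumption: WRITE implies READ.
    enum Permission { READ, WRITE }

    // Static role table: role -> (UI element id -> permission). All ids are hypothetical.
    static final Map<String, Map<String, Permission>> ROLES = Map.of(
        "operator", Map.of("view.inventory", Permission.READ,
                           "action.refresh", Permission.WRITE),
        "admin",    Map.of("view.inventory", Permission.WRITE,
                           "perspective.config", Permission.WRITE));
    static final String SUPERUSER = "superuser";
    static final Set<String> ALL_ELEMENTS = Set.of(
        "view.inventory", "action.refresh", "perspective.config", "view.audit");

    /** Effective grants for a user: union over all roles, strongest permission wins. */
    static Map<String, Permission> effective(Set<String> userRoles) {
        if (userRoles.isEmpty())
            throw new IllegalArgumentException("a user must hold at least one role");
        Map<String, Permission> result = new TreeMap<>();
        if (userRoles.contains(SUPERUSER)) {          // superuser sees the full set
            for (String id : ALL_ELEMENTS) result.put(id, Permission.WRITE);
            return result;
        }
        for (String role : userRoles) {
            Map<String, Permission> grants = ROLES.get(role);
            if (grants == null)                       // reject roles outside the static set
                throw new IllegalArgumentException("unknown role: " + role);
            grants.forEach((id, p) ->
                result.merge(id, p, (a, b) -> a.compareTo(b) >= 0 ? a : b));
        }
        return result;
    }

    /** Default deny: an element with no grant is neither shown nor editable. */
    static boolean allowed(Set<String> userRoles, String elementId, Permission needed) {
        Permission granted = effective(userRoles).get(elementId);
        return granted != null && granted.compareTo(needed) >= 0;
    }

    public static void main(String[] args) {
        Set<String> operator = Set.of("operator");
        System.out.println(effective(operator));      // subset visible to one role
        System.out.println(allowed(operator, "view.inventory", Permission.WRITE));
        System.out.println(allowed(Set.of("operator", "admin"),
                                   "view.inventory", Permission.WRITE));
        System.out.println(effective(Set.of(SUPERUSER)).keySet());
    }
}
```

In an RCP the same `allowed` check would also have to guard the operation behind each action, because hiding a workbench part does not by itself stop the underlying call from being made.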