I want to store rights for the concept of the concept. I know that access control (DAC, MAC, RBAC, .) There are different ways. My first idea was using the database, but I'm looking for some more prestigious standards like XACML, but unfortunately I have not got some real options. Thanks for any tip! First, take a step backward and look for comparable objects. First of all, take a step backward and look for comparable objects.
In the access control you have different models which have come up over time. Historically, you had DAC and Mac before you had the concept of access control lists (also known as identity-based access control or IBAC).
Then suddenly, the sole identity of a user was no longer enough, we started to organize users into roles and groups. Due to this, NIAT formally made a standard form for making RBAC or role-based access control.
Fast forward 10+ years and roles are no longer enough. ACL and RBAC are also user-centric They do not meet references or relationships They are not sufficiently subtle A new model emerges ABAC or feature-based access control emerges. NIST ABAC is also in the process of standardization. ABAC is capable of implementing any type of access control and can meet user, resource, verb, and contextual features.
You can read more.
So, what about XACML? XACML - The ABAC model is implemented. This is the most widely spread of ABAC. Ask you what options are included in the minds of some people:
- SecPal: Was it (was?) A Microsoft Research Initiative to do the best of its knowledge, use it to research Is not carried out.
- A policy based access control model is not widely spread.
- Microsoft has its own language for a Windows server named SDDL. You can read.
However, most ABAC implementations I have seen that XACML or home-energy code + RBAC mix. Needless to say, the latter is not really well enough and it is difficult to maintain.
If you want to know more, check the following resources:
- My personal
Comments
Post a Comment