directory-dev mailing list archives

From Stefan Seelmann <seelm...@apache.org>
Subject Re: [Triplesec] [AuthZ] Applications and Roles
Date Fri, 26 Oct 2007 18:48:41 GMT
Is one role limited to aggregate permissions within an application?

What about
- roles that aggregate roles (hierarchical roles)
- roles that aggregate roles and permissions of different applications or systems (enterprise roles)



> Applications and Roles
> ---------------------------------
>
> Application designers devise security permissions and roles specific to
> applications.  These roles represent a set of rights authorizing
> principals to perform operations or access resources that must be
> allowed to fulfill a specific coherent function within applications.
> These rights to access resources are the permissions.  The set of these
> permissions, needed for a logical function to be conducted in the
> application, is a role.
> 
> To be concise we extract the following glossary definitions:
> 
> Permission:
>    A right required by a system or application to authorize principals
>    to perform a specific operation or access a resource in some manner.
>
> Role:
>    A set of permissions required by a principal to be authorized to
>    fulfill a logical function within a system or application.
> 
> Thanks,
> Alex
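
The role shapes discussed in this thread (application-scoped roles, hierarchical roles, enterprise roles), sketched as an added example that is not part of the original messages and is not Triplesec code. The class names, the `None` marker for enterprise roles, and the payroll/wiki sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Permission:
    application: str
    name: str

@dataclass
class Role:
    name: str
    application: Optional[str]  # None = enterprise role spanning applications
    permissions: frozenset = frozenset()
    includes: tuple = ()        # names of roles this role aggregates

def scope_violations(roles):
    """List grants that leak outside an application-scoped role's application."""
    found = []
    for role in roles.values():
        if role.application is None:
            continue  # enterprise roles may cross application boundaries
        for perm in role.permissions:
            if perm.application != role.application:
                found.append((role.name, f"{perm.application}:{perm.name}"))
        for child in role.includes:
            if roles[child].application != role.application:
                found.append((role.name, child))
    return sorted(found)

def effective_permissions(name, roles, path=()):
    """Flatten a role hierarchy into its permission set, rejecting cycles."""
    if name in path:
        raise ValueError("role cycle: " + " -> ".join(path + (name,)))
    role = roles[name]
    perms = set(role.permissions)
    for child in role.includes:
        perms |= effective_permissions(child, roles, path + (name,))
    return perms

# Constructed sample data: two applications and one enterprise role.
READ = Permission("payroll", "read-record")
APPROVE = Permission("payroll", "approve-payment")
EDIT = Permission("wiki", "edit-page")
ROLES = {r.name: r for r in [
    Role("payroll-clerk", "payroll", frozenset({READ})),
    Role("payroll-manager", "payroll", frozenset({APPROVE}), ("payroll-clerk",)),
    Role("wiki-editor", "wiki", frozenset({EDIT})),
    Role("hr-staff", None, frozenset(), ("payroll-manager", "wiki-editor")),
]}
```

Resolving `hr-staff` yields permissions from both applications, while `scope_violations` flags any application-scoped role that reaches into another application directly or through an included role.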

