portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Grinshtein, Artem" <Artem.Grinsht...@t-systems.com>
Subject RE: [J2] group and role hierarchy
Date Wed, 16 Jun 2004 14:59:10 GMT
Hello,

This is a patch for the security component that enables hierarchical roles and groups. The
patch contains implementation of generalization and agrregation strategies. The default strategy
is generalization. It's possible to set different strategies for groups and roles.
 
The group/role hierarchy is resolved by adding grope/role principals dependend on strategy
to the user's subject.

Regards,
Artem

> -----Urspr√ľngliche Nachricht-----
> Von: David Le Strat [mailto:dlestrat@yahoo.com]
> Gesendet: Dienstag, 8. Juni 2004 03:27
> An: Jetspeed Developers List
> Betreff: Re: [J2] group and role hierarchy
> 
> 
> Artem,
> 
> You are absolutely correct.  We need to tackle this,
> The current implementation does not do a good job at
> this yet. Patches are welcome ;)
> 
> I believe that the most common implementation is the
> generalization strategy.  This should be the default
> in my mind.  Supporting multiple strategies is I
> believe a nice to have for now.  Thoughts?
> 
> Regards,
> 
> David.
> 
> --- "Grinshtein, Artem"
> <Artem.Grinshtein@t-systems.com> wrote:
> > Hello All,
> > 
> > IMHO, the term "hierarchical" is not clearly defined
> > in jetspeed.  There is more than one meaning for
> > hierarchical roles/groups according to
> > http://www.doc.ic.ac.uk/~ecl1/papers/rbac99.pdf. 
> > For example, there're 3 hierarchical roles:
> > -R1
> > --R1.1
> > --R1.2
> > with persmissions:
> > grand R1 { permission P1 }
> > grand R1.1 { permission P2 }
> > grand R1.2 { permission P3 }
> > 
> > By a generalisation hierarchy ("is a"-hierarchy):
> > R1 has [P1]
> > R1 has [P1,P2]
> > R1 has [P1,P3]
> > 
> > and by a agrregation hierarchy ("part of")
> > R1 has [P1,P2,P3]
> > R1 has [P2]
> > R1 has [P3].
> > 
> > What type of hierarchy will be supported? Does it
> > make any sence to support different types?
> > 
> > Regards,
> > Artem
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > jetspeed-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > jetspeed-dev-help@jakarta.apache.org
> > 
> 
> 
> 
> 	
> 		
> __________________________________
> Do you Yahoo!?
> Friends.  Fun.  Try the all-new Yahoo! Messenger.
> http://messenger.yahoo.com/ 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
> 
> 

Mime
View raw message