YakShaving: Shawn Ferry's Weblog
v. intr. [MIT AI Lab, after 2000: orig. probably from a Ren & Stimpy episode.] Any seemingly pointless activity which is actually necessary to solve a problem which solves a problem which, several levels of recursion later, solves the real problem you're working on.
Tuesday October 09, 2007
CEC: Enterprise Level Role Based Access Control and the Coming Perfect Storm

IdM and RBAC are the next "new thing": manage roles, not users.

Why is it a perfect storm? SOX, periodic access review, larger numbers of users, LDAP has good penetration, and RBAC clarification in the industry from NIST.

NIST RBAC

  1. Level 1, flat
  2. Level 2, hierarchical
    1. Inherited
    2. Activated
  3. Level 3, constrained
    1. must enforce separation of duties (SOD) at the role level
    2. static and dynamic (check at session creation and deny)
  4. Level 4, symmetrical with permission review
    1. SOD inspection of permissions granted by roles in addition to role conflicts
    2. performance must be roughly equivalent
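
The levels above, as an added sketch that is not from the talk or from NIST: the roles, permissions and conflict sets are constructed sample data and the function names are hypothetical. Static SOD is checked when a role is assigned, dynamic SOD at session creation, and the Level 4 review inspects the permissions the roles grant, including inherited ones.

```python
# Added example: roles, permissions and conflict sets are constructed sample data.
HIERARCHY = {"clerk": set(), "approver": set(), "backup_approver": set(),
             "auditor": set(), "manager": {"clerk"}}   # Level 2: manager inherits clerk
PERMS = {"clerk": {"invoice:create"}, "approver": {"invoice:approve"},
         "backup_approver": {"invoice:approve"}, "auditor": {"ledger:audit"},
         "manager": {"report:read"}}
SSD = [frozenset({"clerk", "approver"})]       # never assigned to the same user
DSD = [frozenset({"manager", "auditor"})]      # never active in the same session
PERM_SOD = [frozenset({"invoice:create", "invoice:approve"})]  # Level 4 conflicts

def closure(roles):
    """Roles plus every role inherited through the hierarchy."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(HIERARCHY[role])
    return seen

def conflicts(items, conflict_sets):
    """Conflict sets of which more than one member is present."""
    return [c for c in conflict_sets if len(c & items) > 1]

def assign(assigned, role):
    """Level 3 static SOD: refuse an assignment that creates a role conflict."""
    proposed = set(assigned) | {role}
    if conflicts(closure(proposed), SSD):
        raise PermissionError(f"SSD: {role} conflicts with existing roles")
    return proposed

def create_session(assigned, requested):
    """Level 3 dynamic SOD: check at session creation and deny."""
    active = set(requested)
    if not active <= set(assigned):
        raise PermissionError("requested role is not assigned")
    if conflicts(closure(active), DSD):
        raise PermissionError("DSD: roles cannot be active together")
    return active

def permission_review(roles):
    """Level 4: inspect the permissions the roles grant, not only the roles."""
    granted = set().union(*(PERMS[r] for r in closure(roles)))
    return conflicts(granted, PERM_SOD)
```

Here `clerk` plus `backup_approver` passes the role-level check yet still grants both halves of the invoice workflow, which is the gap the Level 4 permission review closes.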

Federation/Extranet: Some interesting concepts are gaining traction. Sun Managed Operations could (theoretically) use this to centralize dynamic user management without requiring customers to add our users to their systems. (All dependent on customer requirements; this is not a solution that we support now and may never support :) This is a forward-looking random note.)


Oct 09 2007, 05:53:10 PM EST