Subject: Re: [cloudauthz] attribute/role mapping
regards

David

On 22/01/2013 15:37, Marian, Radu wrote:
Dear David,

Thank you for your insight/inquiry into "organizational roles vs. business process (aka workflow role)" and if the proposed entitlements model has a way to distinguish them. I now understand your question.

Organizational roles based on Job Codes, Company Hierarchy, etc. are (will be) part of "Team Profile" topic. The reason I did not show them - I wanted to get a lightly attributed entitlements model out - for discussion. By default all the roles in the current entitlements model are Business Process / Workflow Roles. Organizational roles seem to play a bigger role during Entitlement Assignment phase as well as during Access Provisioning.

So currently the "Identifier" topic does not have a relation to "Organization Role" (which does not exist) - so it may be problematic if during Run Time phases Organization Roles are to be checked.

Could you please provide links to the white papers you referenced below? Are they freely available?

Regards,

Radu Marian, MSCS, SCEA, CISSP
Bank of America - Charlotte, NC
VP, Architect 2, Enterprise Security Architecture
Business phone number: (704) 628-6874
an Enterprise without Ontology is like a country without a map.

-----Original Message-----
From: cloudauthz@lists.oasis-open.org [mailto:cloudauthz@lists.oasis-open.org] On Behalf Of David Chadwick
Sent: Monday, January 21, 2013 2:25 PM
To: cloudauthz@lists.oasis-open.org
Subject: [cloudauthz] attribute/role mapping

Dear All

Regarding the Entitlement Ontology diagram (https://www.oasis-open.org/apps/org/workgroup/cloudauthz/download.php/47813/entitlement.ontology.png) I raised the issue of attribute or role mapping between the organisational role that a user possesses and the business process role that is needed to participate in the workflow. Either the entitlement should contain the workflow role and the mapping be done by the entitlement provider, or the entitlement contains the organisational role and the mapping is done by the resource provider.
In our own research we are currently adding the latter approach to OpenStack. There are a number of published papers that talk about this, e.g.

M. Coetzee and J.H.P. Eloff. Virtual Enterprise Access Control Requirements. In Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology (SAICSIT), volume 47, pages 285-294. ACM Press, 2003.

B. S. Firozabadi, O. Olsson, and E. Rissanen. Managing Authorisations in Dynamic Coalitions. Technical report, Swedish Institute of Computer Science, 2003.

M. H. Kang, J. S. Park, and J. N. Froscher. Access Control Mechanisms for Inter-Organizational Workflow. In Proceedings of the sixth ACM symposium on Access control models and technologies, pages 66-74, Chantilly, Virginia, USA, May 2001. ACM Press.

J. S. Park, K. P. Costello, T. M. Neven, and J. A. Diosomito. A Composite RBAC Approach for Large, Complex Organizations. In Proceedings of the ninth ACM symposium on Access control models and technologies, pages 163-172, Yorktown Heights, New York, USA, June 02-04 2004. ACM Press.

regards

David
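The two placements of the role mapping described in the original message above, as an added example that is not part of the thread or of any participant's code. All issuer, role and step names are constructed, and the issuer trust check and issuer-scoped mapping table are assumptions of this sketch.

```python
from dataclasses import dataclass

# Constructed sample data; every name below is hypothetical.
TRUSTED_ISSUERS = {"bank-a.example"}
# Organisational role -> workflow roles, scoped per issuing organisation.
ORG_TO_WORKFLOW = {
    "bank-a.example": {"branch-manager": {"loan-approver"},
                       "teller": {"loan-submitter"}},
}
# Workflow role each workflow step requires at the resource provider.
STEP_REQUIRES = {"approve-loan": "loan-approver", "submit-loan": "loan-submitter"}

@dataclass(frozen=True)
class Entitlement:
    issuer: str
    subject: str
    role_kind: str  # "workflow" or "organisational"
    role: str

def issue_mapped(issuer, subject, org_role):
    """Option 1: the entitlement provider maps, the entitlement carries workflow roles."""
    roles = ORG_TO_WORKFLOW.get(issuer, {}).get(org_role, set())
    return [Entitlement(issuer, subject, "workflow", r) for r in sorted(roles)]

def issue_unmapped(issuer, subject, org_role):
    """Option 2: the entitlement carries the organisational role unchanged."""
    return [Entitlement(issuer, subject, "organisational", org_role)]

def workflow_roles(ent, rp_mapping):
    """Resource provider's view of the workflow roles one entitlement yields."""
    if ent.issuer not in TRUSTED_ISSUERS:
        return set()  # roles asserted by an unknown issuer count for nothing
    if ent.role_kind == "workflow":
        return {ent.role}
    if ent.role_kind == "organisational":
        # Option 2 mapping happens here; an unmapped role yields no workflow role.
        return set(rp_mapping.get(ent.issuer, {}).get(ent.role, set()))
    return set()

def authorize(entitlements, step, rp_mapping=ORG_TO_WORKFLOW):
    """Deny by default: permit only if some entitlement yields the required role."""
    needed = STEP_REQUIRES.get(step)
    if needed is None:
        return False
    return any(needed in workflow_roles(e, rp_mapping) for e in entitlements)
```

With option 2 the resource provider must hold and maintain a mapping per issuing organisation, while with option 1 it only needs to trust the issuer's workflow-role assertions.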