...
Warning: Please see the new version.
A Group is a collection of subjects. An email list is an example of using a group without using authorization.

A Role is a collection of privileges that is shared by all subjects assigned to the role, which generally describes the subjects' affiliation, job function, or responsibility.

A Resource is the part of the system which needs to be protected by authorization, and it represents a noun in a privilege assignment.

The Action is the verb of the privilege assignment, which allows a resource to be assigned to a subject in various ways without creating more resources. For example, SubjectA can view (action) the Math department data (resource).

A Privilege Assignment associates a subject with the actions they are allowed to perform and the resources those actions apply to.

A Limit is a condition on the privilege assignment which must be true at run-time for the privilege assignment to be allowed. Examples of limits are time of day, source IP address, amounts of approvals, etc.
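The terms above can be tied together in a small model. This is an added example, not Grouper code or its API: the class and function names, the `math-staff` role, the `edit` action and the context keys `time` and `source_ip` are all assumptions made for illustration. It shows a deny-by-default check in which a limit that cannot be evaluated counts as not met.

```python
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network

# A Limit is a predicate over the run-time context of one request.
def time_of_day(start, end):
    return lambda ctx: start <= ctx["time"] <= end

def source_network(cidr):
    net = ip_network(cidr)
    return lambda ctx: ip_address(ctx["source_ip"]) in net

@dataclass(frozen=True)
class PrivilegeAssignment:
    action: str          # the verb, e.g. "view"
    resource: str        # the noun, e.g. "math-dept-data"
    limits: tuple = ()   # every limit must be true at run-time

@dataclass
class Role:
    name: str
    members: set = field(default_factory=set)       # subjects assigned to the role
    privileges: list = field(default_factory=list)  # shared by all members

def limit_holds(limit, ctx):
    # Fail closed: missing or malformed context means the limit is not met.
    try:
        return bool(limit(ctx))
    except (KeyError, ValueError, TypeError):
        return False

def is_allowed(roles, subject, action, resource, ctx):
    """Deny by default; allow only via a role the subject holds whose
    privilege assignment matches and whose limits all hold."""
    for role in roles:
        if subject not in role.members:
            continue
        for p in role.privileges:
            if (p.action, p.resource) == (action, resource) and all(
                    limit_holds(l, ctx) for l in p.limits):
                return True
    return False

# Constructed sample data: one role, two actions on the same resource.
ROLES = [Role("math-staff", {"SubjectA"}, [
    PrivilegeAssignment("view", "math-dept-data"),
    PrivilegeAssignment("edit", "math-dept-data",
                        (time_of_day(time(8), time(18)),
                         source_network("192.0.2.0/24"))),
])]
```

Because "view" and "edit" are separate actions on one resource, the limits attach to the edit assignment only and no second resource has to be created.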
...