Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security SecProg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Authorization Framework.

from [Sean Radford] Network Security [Permanent Link]
Subject: Re: Authorization Framework.
Date: Fri, 21 Jan 2005 12:52:53 +0000 
Babu Kopparam wrote:

Hi Experts,

I am working for product company which own around 80 products.
My role is to provide security framework to all the teams.



Good thing. Security is not really unique to any application and so a solution to 'plug in' an existing framework/system should be sought. This is the ethos to the Componenet (& Service Orientated) Architectures that are more and more being utilised.

I have proposed RBAC (referring NIST's specification) as the suitable
solution for Authorization.



This depends on you application needs. Traditional RBAC has grown out of the historical need for a system administrator to manage a system (as they were the only ones to have the IT skills to do so). More a more the access decision should be pushed down to the end-users who are responsible for the data/process.

I want to know if my selection is right OR is there any other widely
used method.

Can you provide some links to gather more information about the same.

Thanks in advance,
-Babu.





--
Dr. Sean Radford, MBBS, MSc
sradford@bladesystems.co.uk
http://bladesys.demon.co.uk/

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Authorization Framework., George Capehart
Next by Date:  Re: Authorization Framework., Sean Radford
Previous by Thread:  Re: Authorization Framework., George Capehart
Next by Thread:  Re: Authorization Framework., Sean Radford
Indexes:  [Date] [Thread] [Top] [All Lists]