Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security SecProg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Authorization Framework.

from [Sean Radford] Network Security [Permanent Link]
Subject: Re: Authorization Framework.
Date: Fri, 21 Jan 2005 13:48:33 +0000 
Babu Kopparam wrote:

Hi Experts,

I am working for product company which own around 80 products.
My role is to provide security framework to all the teams.



Good thing. Security is not really unique to any application and so a
solution to 'plug in' an existing framework/system should be sought.
This is the ethos to the Componenet (& Service Orientated) Architectures
that are more and more being utilised.

I have proposed RBAC (referring NIST's specification) as the suitable
solution for Authorization.



This depends on you application needs. Traditional RBAC has grown out of
the historical need for a system administrator to manage a system (as
they were the only ones to have the IT skills to do so). More a more the
access decision should be pushed down to the end-users who are
responsible for the data/process - as they are the ones who truly know
who should have access to what.

I want to know if my selection is right OR is there any other widely
used method.

Can you provide some links to gather more information about the same.

Thanks in advance,
-Babu.




Particularly if your different applications are integrated you may want
to think along the lines of using an Identity (and Access) Management
system.

Regards,

Sean

--
Dr. Sean Radford, MBBS, MSc
sradford@aegeus-technology.com
http://www.aegeus-technology.com/

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Authorization Framework., Sean Radford
Next by Date:  [Fwd: Re: [SC-L] ZDNnet: Securing data from the threat within [bybuying products]], George Capehart
Previous by Thread:  Re: Authorization Framework., Sean Radford
Next by Thread:  [Fwd: Re: [SC-L] ZDNnet: Securing data from the threat within [bybuying products]], George Capehart
Indexes:  [Date] [Thread] [Top] [All Lists]