Tuesday, October 9, 2007

CEC: Enterprise Level Role Based Access Control and the Coming Perfect Storm

IdM and RBAC are the next "new thing" Manage roles not users.

Why is it a perfect storm. SOX, Periodic Access Review. larger numbers of users, LDAP has good penetration. RBAC clarification in the industry from NIST.


  1. Level 1, flat
  2. Level 2 hierarchial
    1. Inherited
    2. Activated
  3. Level 3, constrained
    1. must enforce separation of duties at the role level
    2. static and dynamic (check at session creation and deny)
  4. Level 4, symetrical with permission review
    1. SOD inspection of permissions granted by roles in addition to role conflicts
    2. performance must be roughly equiv
Federation/Extranet: Some interesting concepts gaining traction. Sun Managed Operations could use this (theoretical) to centralize synamic user management without requiring customers to add our users to their systems. (all dependent on customer requirements, this is not a solution that we support now and may never support :) this is a forward looking random note)

No comments:

Post a Comment