[Ma-linux] life is such a quibble
Johnson, Steve (NIH/OD/ORS) [E]
johnsons at vrp.ncrr.nih.gov
Wed Sep 19 15:12:31 EDT 2007
A long standing project of mine, or research venture, is Role Based
Access Control, the paradigm for SecureLINUX.
And what luck, Amazon reader makes available snippets from the Ferraiolo
monograph.
here is a quote:
Property 3. If static SoD holds, then DSD is maintained. . . .
In Figure 5.2 for example, if a user in the role "accounts receivable
clerk"
will never need to have access to the role "billing clerk" static
separation
can be established for these role. Since the SoD constraint . . .
SoD must be separation of duties, alias accounting "controls".
Note that "accounts receivable clerk" is on the left side of the
accounting equation, being an asset for the organization.
What this goes to show though is the type corporate organization
RBAC successfully models, MAC or DAC being closer to the level
a computer administrator works on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://calypso.tux.org/pipermail/ma-linux/attachments/20070919/a0da005f/attachment-0001.html
More information about the Ma-linux
mailing list