Modeling RBAC actors using LDAP (Core X.5xx)
Posted by Tetsujin no Oni on Server Fault
Published on 2009-05-29T15:38:16Z
When implementing an RBAC model using an LDAP store (I'm using Apache Directory 1.0.2 as a testbed), some of the actors are obviously mappable to specific objectClasses:
Resources - I don't see a clear mapping for this one. applicationEntity seems only tangentially intended for this purpose.

Permissions - a Permission can be viewed as a single-purpose Role; obviously I'm not thinking of an LDAP permission, as they govern access to LDAP objects and attributes rather than an RBAC permission to a Resource.

Roles - maps fairly directly to groupOfNames or groupOfUniqueNames, right?

Users - person

In the past I've seen models where a Resource isn't dealt with in the directory in any fashion, and Permissions and Roles were mapped to Active Directory Groups.
Is there a better way to represent these actors? How about a document discussing good mappings and intents of the schema?