3 key concepts:
For each subject, the active role is the one that the subject is currently using: AR(s: subject) = { the active role for subject s }.
Each subject may be authorized to perform one or more roles: RA(s: subject) = { authorized roles for subject s }.
Each role may be authorized to perform one or more transactions: TA(r: role) = { transactions authorized for role r }.
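How the three mappings combine into an access decision, as an added example that is not part of the original course material. The class, its method names, the sample subjects, roles and transactions are all constructed, and the enforcement rules (the active role must be in RA(s), and only the active role's transactions are allowed) are this example's assumption about how AR, RA and TA are checked together.

```python
# Added example: AR, RA and TA as lookup tables. All names and data are constructed.

class RBAC:
    def __init__(self):
        self.RA = {}  # subject -> set of roles the subject is authorized for
        self.TA = {}  # role -> set of transactions authorized for the role
        self.AR = {}  # subject -> the single role the subject is currently using

    def authorize_role(self, s, r):
        self.RA.setdefault(s, set()).add(r)

    def authorize_transaction(self, r, t):
        self.TA.setdefault(r, set()).add(t)

    def activate(self, s, r):
        # Assumed rule: a subject can only activate a role that is in RA(s).
        if r not in self.RA.get(s, set()):
            raise PermissionError(f"{s} is not authorized for role {r}")
        self.AR[s] = r

    def revoke_role(self, s, r):
        self.RA.get(s, set()).discard(r)
        # Drop a stale active role so the revocation takes effect immediately.
        if self.AR.get(s) == r:
            del self.AR[s]

    def can_exec(self, s, t):
        r = self.AR.get(s)
        if r is None or r not in self.RA.get(s, set()):
            return False  # no active role, or active role is not authorized
        return t in self.TA.get(r, set())  # only the active role's transactions count


def build_sample():
    m = RBAC()
    m.authorize_role("alice", "teller")
    m.authorize_role("alice", "auditor")
    m.authorize_transaction("teller", "post_deposit")
    m.authorize_transaction("auditor", "read_ledger")
    m.activate("alice", "teller")
    return m


if __name__ == "__main__":
    m = build_sample()
    print(m.can_exec("alice", "post_deposit"))  # transaction of the active role
    print(m.can_exec("alice", "read_ledger"))   # role is authorized but not active
```

Being authorized for a role is not enough: a transaction is allowed only through the role the subject is currently using, which is what keeps a multi-role subject at least privilege.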
Defines:
ROLE: An organizational job function with a clear definition of inherent responsibility and authority (permissions).
Operations
Objects: An entity that contains or receives information
Open issues:
Access Control Mechanisms - CAP 15, Matt Bishop.