Towards an Attribute-Based Role-Based Access Control System

Published: 8 Feb 2025

We've all heard that RBAC doesn't work. It leads to 'Role Explosion': a huge number of roles. Nobody knows who is assigned to what, because there are hundreds, if not thousands, of roles to keep track of. We could try ABAC, but that leads to a whole different set of problems, including non-standard implementations, complexity and lack of integrity. What can we do? There is a way of having both together, capturing the strengths of each while limiting their shortcomings. This talk discusses standards-based RBAC and how it can be enhanced to eliminate long-entrenched problems by sprinkling attributes into the mix. At the same time we'll look at an open source implementation, Apache Fortress, that illustrates the techniques discussed in the talk using an LDAP data model.

The talk will center around a typical RBAC use case: implementing fine-grained access control inside a web app. The first demo shows how RBAC fails. Another demo shows how dynamic role constraints solve the problem.

Shawn is a Software Architect at Symas, an ASF member, and PMC chair of the Apache Directory project. He has twenty-five years of experience working as a security architect, first in the financial services industry and of late for a technology company.

Slides: apachecon.com/...
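As an added illustration (not code from the talk or from Apache Fortress), the role-explosion problem and the dynamic-role-constraint fix in a few lines of Python: a constructed bank with three branches needs one role per function per branch under plain RBAC, whereas one role per function with a branch attribute on the user-role assignment, checked at role activation, gives the same fine-grained result. The class and names (`ConstrainedRbac`, the branches and permission strings) are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed sample data (assumption, not from the talk): a bank with
# three branches and two job functions, each a set of permissions.
BRANCHES = ["north", "south", "east"]
FUNCTIONS = {
    "teller": {"account:read", "account:deposit"},
    "auditor": {"account:read", "ledger:read"},
}


def plain_rbac_roles():
    """Plain RBAC: to scope a teller to one branch you need a separate role
    per (function, branch) pair, so the role count multiplies (role explosion)."""
    return {f"{fn}_{br}": perms for fn, perms in FUNCTIONS.items() for br in BRANCHES}


@dataclass
class Assignment:
    role: str
    # Attributes attached to the user-role assignment, e.g. {"branch": "north"}.
    constraints: dict = field(default_factory=dict)


class ConstrainedRbac:
    """RBAC with dynamic role constraints: one role per function; the branch
    is an attribute on the assignment and is checked at role activation."""

    def __init__(self):
        self.roles = dict(FUNCTIONS)
        self.assignments: dict[str, list[Assignment]] = {}

    def assign(self, user, role, **constraints):
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.assignments.setdefault(user, []).append(Assignment(role, constraints))

    def activatable(self, a, context):
        """A role may enter the session only if every constraint on its
        assignment matches the request context; a missing attribute fails closed."""
        return all(context.get(k) == v for k, v in a.constraints.items())

    def check_access(self, user, perm, **context):
        """Default deny: grant only via an activatable role that carries perm."""
        return any(perm in self.roles[a.role]
                   for a in self.assignments.get(user, [])
                   if self.activatable(a, context))
```

With plain RBAC the role table has six entries for two job functions; with constraints it has two, and a request that omits the branch attribute is denied rather than matched.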
