/
C103 Role Based Access

C103 Role Based Access

Oct 20, 2010

  • Role based access control can be a bit of a misnomer

  • We all want a silver bullet that provisions and de-provisions resources as people are give attributes

  • In practice this often is handled with groups

  • The real goal is provisioning based on some central attribute store

  • The danger is in creating a one to one relationship between people and goals

  • Roles in OpenRegistry are made up of Title and Department (and campus and affiliation in some cases)

  • But Roles in OpenRegistry are more like relationships, a way to track information for each SoR, not necessarily for access control