C103 Role Based Access

  • Role based access control can be a bit of a misnomer
  • We all want a silver bullet that provisions and de-provisions resources as people are given attributes
  • In practice this often is handled with groups
  • The real goal is provisioning based on some central attribute store
  • The danger is in creating a one-to-one relationship between people and goals
  • Roles in OpenRegistry are made up of Title and Department (and campus and affiliation in some cases)
  • But Roles in OpenRegistry are more like relationships, a way to track information for each SoR, not necessarily for access control