CEC: Enterprise Level Role Based Access Control and the Coming Perfect Storm
By yakshaving on Oct 09, 2007
IdM and RBAC are the next "new thing": manage roles, not users.
Why is it a perfect storm? SOX, periodic access review, larger numbers of users, LDAP has good penetration, and RBAC clarification in the industry from NIST:
- Level 1, flat
- Level 2, hierarchical
- Level 3, constrained
  - must enforce separation of duties (SOD) at the role level
  - static and dynamic (check at session creation and deny)
- Level 4, symmetrical with permission review
  - SOD inspection of permissions granted by roles in addition to role conflicts
  - performance must be roughly equivalent
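As an added example (not from the original post, and not any IdM product's code), the four NIST levels above in a small Python model: a role hierarchy (Level 2), static SOD enforced at assignment time and dynamic SOD enforced at session creation with the session denied on conflict (Level 3), and permission-role review that asks which roles and users end up holding a permission through inheritance (Level 4). The role, user and permission names are constructed for the demo.

```python
from collections import deque


class ConstraintViolation(Exception):
    """Raised when an assignment or session would violate separation of duties."""


class RBAC:
    def __init__(self):
        self.role_perms = {}   # role -> permissions granted directly by that role
        self.juniors = {}      # role -> junior roles whose permissions it inherits
        self.user_roles = {}   # user -> roles assigned directly
        self.ssd = []          # static SOD constraints: (frozenset(roles), n)
        self.dsd = []          # dynamic SOD constraints: (frozenset(roles), n)

    # Levels 1 and 2: roles, permissions, hierarchy
    def add_role(self, role, perms=(), inherits=()):
        self.role_perms[role] = set(perms)
        self.juniors[role] = set(inherits)

    def authorized_roles(self, roles):
        """Close a role set under the hierarchy: a senior role implies its juniors."""
        seen, todo = set(), deque(roles)
        while todo:
            r = todo.popleft()
            if r not in seen:
                seen.add(r)
                todo.extend(self.juniors.get(r, ()))
        return seen

    def role_permissions(self, roles):
        return set().union(*(self.role_perms.get(r, set())
                             for r in self.authorized_roles(roles)))

    # Level 3: constrained RBAC (role-level separation of duties)
    def add_ssd(self, roles, n=2):
        self.ssd.append((frozenset(roles), n))

    def add_dsd(self, roles, n=2):
        self.dsd.append((frozenset(roles), n))

    def _check(self, constraints, active, kind):
        for roleset, n in constraints:
            hit = roleset & active
            if len(hit) >= n:  # n or more conflicting roles held together
                raise ConstraintViolation(f"{kind} SOD: {sorted(hit)} conflict")

    def assign(self, user, role):
        """Static SOD is checked over the hierarchy-closed set of assigned roles."""
        proposed = self.user_roles.get(user, set()) | {role}
        self._check(self.ssd, self.authorized_roles(proposed), "static")
        self.user_roles[user] = proposed

    def create_session(self, user, activate):
        """Dynamic SOD is checked at session creation; a conflicting session is denied."""
        activate = set(activate)
        allowed = self.authorized_roles(self.user_roles.get(user, set()))
        if not activate <= allowed:
            raise ConstraintViolation(f"{user} not authorized for {sorted(activate - allowed)}")
        self._check(self.dsd, self.authorized_roles(activate), "dynamic")
        return self.role_permissions(activate)

    # Level 4: symmetric RBAC (permission-role review, inheritance included)
    def roles_granting(self, perm):
        return {r for r in self.role_perms if perm in self.role_permissions({r})}

    def users_with(self, perm):
        return {u for u, rs in self.user_roles.items() if perm in self.role_permissions(rs)}


def try_assign(rbac, user, role):
    """True if the assignment is accepted, False if static SOD denies it."""
    try:
        rbac.assign(user, role)
        return True
    except ConstraintViolation:
        return False


def try_session(rbac, user, roles):
    """Granted permissions, or None if the session is denied."""
    try:
        return rbac.create_session(user, roles)
    except ConstraintViolation:
        return None


def build_demo():
    """Constructed accounts-payable example: clerk and approver may both be held but never
    activated together (dynamic SOD); an auditor may hold neither (static SOD)."""
    r = RBAC()
    r.add_role("employee", ["read_ledger"])
    r.add_role("ap_clerk", ["create_invoice"], inherits=["employee"])
    r.add_role("ap_approver", ["approve_invoice"], inherits=["employee"])
    r.add_role("auditor", ["read_audit_log"], inherits=["employee"])
    r.add_ssd(["auditor", "ap_clerk"])
    r.add_ssd(["auditor", "ap_approver"])
    r.add_dsd(["ap_clerk", "ap_approver"])
    r.assign("alice", "ap_clerk")
    r.assign("alice", "ap_approver")   # allowed statically, constrained per session
    r.assign("bob", "auditor")
    return r


if __name__ == "__main__":
    demo = build_demo()
    print("alice clerk session:", try_session(demo, "alice", ["ap_clerk"]))
    print("alice clerk+approver session:", try_session(demo, "alice", ["ap_clerk", "ap_approver"]))
    print("bob also ap_clerk:", try_assign(demo, "bob", "ap_clerk"))
    print("roles granting read_ledger:", sorted(demo.roles_granting("read_ledger")))
```

The Level 4 review is what a periodic access review actually needs: `roles_granting` and `users_with` follow the hierarchy, so a permission attached to a junior role is reported against every senior role and user that inherits it, not only the role it was attached to.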