Design and Architecture

 
Praise: Re: Literature on designing and implementing an access control system
D4rkTrick, 6-Jan-24 21:18
Here's the literature I was able to find through libera on IRC. Very helpful to me. Hopefully also helpful for other people reading this.

Online:

Books


In regard to books, I found that looking at the references can help. In combination with archive.org's free book library, it's possible to skim over books quite quickly.

Specific topics

Object Capability System:


Quote:
the object graph is the permission graph, and so there are no separate access control checks that you have to make like shown in that slide. An object has authority to call methods on another object if and only if it actually has a reference to that other object.


Links:
- Habitat Chronicles: What Are Capabilities?
- http://erights.org/talks/thesis/markm-thesis.pdf
- Bringing Object-orientation to Security Programming (Mark S. Miller, Google) - YouTube

OT
Here's some basic insight I've gained while looking at various sources.

The basic question you want to get answered is has_access(user, action, resource).
Example: has_access(uid, read, user_list).
You might want to take it even more abstract and say has_access(entity, action, resource), where entity could be a user, a group, an organization or anything else that is able to perform actions in your system. Perhaps even has_access(resource, action, resource) might be an appropriate abstraction.

With a hierarchical permission structure, you would need a recursive check function:
r = resource
loop:
  if(r.has_access(user, action)) return true
  r = r.parent()
  if( r == null) return false

If a resource can be owned by several parents, you would need to account for that with r.parents().
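
Added example (not part of the original post): a Python sketch of the has_access(entity, action, resource) check over a hierarchy in which a resource may have several parents, with a visited set so diamonds and accidental cycles terminate. The Resource class, its grants and parents fields, the member_of mapping and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(eq=False)  # identity-based hashing, so resources can go in a set
class Resource:
    name: str
    parents: list = field(default_factory=list)  # zero, one or several owners
    grants: set = field(default_factory=set)     # {(entity, action)} set directly here

    def allows(self, entity, action):
        return (entity, action) in self.grants


def has_access(entity, action, resource, member_of=None):
    """True if `entity`, or a group it belongs to, is granted `action` on
    `resource` or on any ancestor reachable through `parents`."""
    principals = {entity} | set((member_of or {}).get(entity, ()))
    seen = set()          # each resource is checked once, even in a diamond or cycle
    stack = [resource]
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        if any(r.allows(p, action) for p in principals):
            return True
        stack.extend(r.parents)   # walk every parent, not just one
    return False          # default deny: no grant found on any ancestor


# Constructed sample hierarchy: user_list is owned by two teams under one org.
org = Resource("org")
team_a = Resource("team_a", parents=[org])
team_b = Resource("team_b", parents=[org])
user_list = Resource("user_list", parents=[team_a, team_b])
team_b.grants.add(("admins", "read"))     # group grant on one of the parents
user_list.grants.add(("uid7", "write"))   # direct grant on the resource
GROUPS = {"uid1": ["admins"]}             # entity -> groups it is a member of
```

A grant on team_b reaches user_list because user_list inherits from it, but it does not reach the sibling team_a: inheritance only flows from ancestors down to the resource being checked.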