Jan Schoonderbeek: GF added

2013-04-05T05:09:49Z

GF added

New page

{{Maturity|2}}
{{Pageheaderbox4GF
|name=Permission Register
|WorkingArea=Middleware
|version=0.3
|owner=J.A.H. Schoonderbeek
|summary=This function offers a means to store and publish permissions (technical representations of business rules about infrastructural actions like reading or writing information).
}}
This function offers a means to store and publish permissions (technical representations of business rules about infrastructural actions like reading or writing information). It usually accompanies a {{FriendlyPageLink|GF.Permission Validation}} function.<br>
Note that for many systems, its permissions are written in a format specific to that system: the capabilities of a Permission Register with respect to the kinds of permissions it can handle are hard-coded. This means that if a Permission Register (and Permission Validation) facility is positioned in an infrastructure landscape to authorize access to a set of resources, it cannot automatically be assumed fit to also authorize access to a new, different set of resources. E.g. a Permission Register that can hold s access control lists for web URIs cannot be assumed to also be able to hold access rules for a mail application.

Permission Register is modelled separately from Permission Validation for two major reasons:
* to account for the security aspects (both in the sense that a Permission Register itself must be properly secured, and that positioning a Permission Register in an infrastructure overview serves as a focal point for security considerations), and
* because the permissions that can be stored in a particular Permission Register instance are inherently limited to a specific set of actions for a specific (type of) infrastructure resource (as described above).
{{FunctionIcon
|image=Icon GF Permission Register.png
}}
{{Text Footer GF}}

GF.Permission Register - Revision history

Jan Schoonderbeek: GF added