GF.Permission Register

From OIAr
Revision as of 07:09, 5 April 2013 by Jan Schoonderbeek (talk | contribs) (GF added)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


This is a Generic Function document GF Permission Register Version: 0.3 OIAr logo
Document type: Generic Function Owner:

J.A.H. Schoonderbeek



Description

This Generic Function belongs to Working Area Middleware. This function offers a means to store and publish permissions (technical representations of business rules about infrastructural actions like reading or writing information). It usually accompanies a Permission Validation function.
Note that for many systems, its permissions are written in a format specific to that system: the capabilities of a Permission Register with respect to the kinds of permissions it can handle are hard-coded. This means that if a Permission Register (and Permission Validation) facility is positioned in an infrastructure landscape to authorize access to a set of resources, it cannot automatically be assumed fit to also authorize access to a new, different set of resources. E.g. a Permission Register that can hold s access control lists for web URIs cannot be assumed to also be able to hold access rules for a mail application.

Permission Register is modelled separately from Permission Validation for two major reasons:

  • to account for the security aspects (both in the sense that a Permission Register itself must be properly secured, and that positioning a Permission Register in an infrastructure overview serves as a focal point for security considerations), and
  • because the permissions that can be stored in a particular Permission Register instance are inherently limited to a specific set of actions for a specific (type of) infrastructure resource (as described above).

Icon

The image "Icon GF Permission Register.png" (shown below) can be used to represent this infrastructure function in graphical Pattern representations that it might be part of:

Icon for this function

Generic Patterns using this Generic Function

The following Generic Patterns use this function:

Semantic query
Generic PatternOwnerMaturity
Authentication & AuthorizationJ.A.H. Schoonderbeek3

Applied versions of this Generic Function

The following variants of this function have been defined:

Semantic query
No Applied Function based on this Generic Function (yet)