|Page maturity |
This page has maturity level 2 (young)
|Document type:||Generic Function||Owner:|
This Generic Function belongs to Working Area Middleware.
This function offers a means to store and publish permissions (technical representations of business rules about infrastructural actions like reading or writing information). It usually accompanies a Permission Validation function.
Note that for many systems, permissions are written in a format specific to that system: the capabilities of a Permission Register with respect to the kinds of permissions it can handle are hard-coded. This means that if a Permission Register (and Permission Validation) facility is positioned in an infrastructure landscape to authorize access to a set of resources, it cannot automatically be assumed fit to also authorize access to a new, different set of resources. For example, a Permission Register that can hold access control lists for web URIs cannot be assumed to also be able to hold access rules for a mail application.
Permission Register is modelled separately from Permission Validation for two major reasons:
- to account for the security aspects (both in the sense that a Permission Register itself must be properly secured, and that positioning a Permission Register in an infrastructure overview serves as a focal point for security considerations), and
- because the permissions that can be stored in a particular Permission Register instance are inherently limited to a specific set of actions for a specific (type of) infrastructure resource (as described above).
Generic Patterns using this Generic Function
The following Generic Patterns use this function:
|Authentication & Authorization||J.A.H. Schoonderbeek||3|
Applied versions of this Generic Function
The following variants of this function have been defined: