PERMIS


PERMIS (PrivilEge and Role Management Infrastructure Standards) is a sophisticated policy-based authorisation system that implements an enhanced version of the U.S. National Institute of Standards and Technology (NIST) standard Role-Based Access Control (RBAC) model. PERMIS supports the distributed assignment of both roles and attributes to users by multiple distributed attribute authorities, unlike the NIST model, which assumes the centralised assignment of roles to users. PERMIS provides a cryptographically secure privilege management infrastructure (PMI) using public key encryption technologies and X.509 attribute certificates to maintain users' attributes. PERMIS does not provide any authentication mechanism, but leaves it up to the application to determine what to use. PERMIS's strength comes from its ability to be integrated into virtually any application and any authentication scheme, such as Shibboleth (Internet2), Kerberos, username/passwords, Grid proxy certificates and Public Key Infrastructure (PKI).

As a standard RBAC system, PERMIS's main entities are an authorisation policy, a set of users, a set of administrators (attribute authorities) who assign roles/attributes to users, a set of resources that are to be protected, a set of actions on resources, a set of access control rules, and optional obligations and constraints. The PERMIS policy is eXtensible Markup Language (XML)-based and has rules for user-role assignments and role-privilege assignments, the latter containing optional obligations that are returned to the application when a user is granted access to a resource. A PERMIS policy can be stored either as a simple text XML file or as an attribute within a signed X.509 attribute certificate to provide integrity protection and tamper detection. User roles and attributes may be held in secure signed X.509 attribute certificates and stored in Lightweight Directory Access Protocol (LDAP) directories or Web-based Distributed Authoring and Versioning (WebDAV) repositories, or they may be created on demand as Security Assertion Markup Language (SAML) attribute assertions.

The PERMIS authorisation engine comprises two components: a Credential Validation Service that validates users' roles according to the user-role assignment rules, and the Policy Decision Point (PDP) that evaluates users' access requests according to the role-permission assignment rules (or access control rules). Access to a resource depends upon the roles/attributes assigned to the user, and the role-permission assignments, which can contain constraints based on the user's access request (e.g. "print less than 10 pages") and the environment (e.g. time of day). PERMIS can work in either push mode (the user attribute assignments are sent to PERMIS by the application) or in pull mode (PERMIS fetches the attribute assignments itself from LDAP/WebDAV repositories or SAML attribute authorities). PERMIS is an open source project and the Java source code can be downloaded from http://www.openpermis.org. Alternatively, precompiled Java libraries can be downloaded from http://sec.cs.kent.ac.uk/permis/.
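The two-stage decision described above, in push mode, as a simplified model added here for illustration. It is not PERMIS code or its XML policy schema, and it does not verify signatures; the issuer names, roles, rule layout and function names are all constructed.

```python
from dataclasses import dataclass
from datetime import time

# All names, DNs and rules below are constructed for illustration; this is a
# simplified model, not the PERMIS policy schema or its Java API.

@dataclass(frozen=True)
class Credential:            # one role assignment pushed by the application
    issuer: str              # attribute authority that assigned the role
    holder: str
    role: str

# User-role assignment rules: which authority is trusted to assign which roles.
ROLE_ASSIGNMENT = {
    "cn=HR,o=example": {"staff", "manager"},
    "cn=Library,o=example": {"reader"},
}

# Role-permission rules: (role, action, resource, condition, obligations).
ACCESS_RULES = [
    ("staff", "print", "printer1",
     lambda args, env: 0 < args.get("pages", 0) < 10
                       and time(8, 0) <= env["time"] <= time(18, 0),
     ["log-print-job"]),
    ("manager", "print", "printer1", lambda args, env: True, []),
]

def validate_credentials(user, credentials):
    """Credential validation step: keep only roles issued to this user by an
    authority the policy trusts for that role."""
    return {c.role for c in credentials
            if c.holder == user and c.role in ROLE_ASSIGNMENT.get(c.issuer, set())}

def decide(roles, action, resource, args, env):
    """PDP step: grant if a rule for a validated role matches and its
    condition holds; return that rule's obligations with the decision."""
    for role, act, res, condition, obligations in ACCESS_RULES:
        if role in roles and (act, res) == (action, resource) and condition(args, env):
            return True, list(obligations)
    return False, []         # default deny

def authorise(user, credentials, action, resource, args, env):
    """Push mode: the application supplies the credentials with the request."""
    return decide(validate_credentials(user, credentials), action, resource, args, env)
```

A "manager" credential issued by the library authority is discarded in the validation step, so the holder is still bound by the staff rule's page and time-of-day constraints.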

PERMIS is unique in its support for cryptographically protecting the user attributes/roles and the policy, which guarantees their integrity and protects them from being tampered with. New features are continually being added to it, such as a standard eXtensible Access Control Markup Language (XACML) interface which allows PERMIS and XACML PDPs to be seamlessly interchanged, the ability to accept SAML attribute assertions, support for dynamic delegation of authority and separation of duty policies, and the recent addition of a controlled natural language interface (in English) for writing simple PERMIS policies.

Wikimedia Foundation. 2010.
