
sessions in RBAC

 
T Mishra
Hi,

I am trying to implement user access control based on the RBAC model. I referred to the following links:

http://www.mind-it.info/2010/01/09/nist-rbac-data-model/
http://www.cs.purdue.edu/homes/ninghui/readings/AccessControl/ANSI+INCITS+359-2004.pdf

I haven't understood this part clearly: the use of Session with User and Roles. Is there any use case where a session can be used to activate the roles?

Is it correct to understand that the session is stored in the database for validation, so that if any user has fiddled with the session it can be validated? How frequently should this validation be implemented on the server side? I understand that using an ORM tool like Hibernate can store the value in the persistence layer, but wouldn't this additional validation hit performance?

RBAC has been an established model for over a decade. Are most of the security frameworks today based on RBAC?

Thanks for your time
 
T Mishra
May be helpful to somebody else interested in RBAC
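
Added example, not part of the original thread: session role activation in core RBAC, using the function names of the ANSI INCITS 359-2004 standard linked above (CreateSession, AddActiveRole, DropActiveRole, CheckAccess). The in-memory maps, the user `alice`, and the roles and permissions are constructed for illustration; re-checking the role assignment inside `checkAccess` is a design choice of this example.

```java
import java.util.*;

public class RbacSessionDemo {
    // UA: user -> assigned roles; PA: role -> "operation:object" (constructed, hypothetical data).
    static final Map<String, Set<String>> UA = new HashMap<>();
    static final Map<String, Set<String>> PA = new HashMap<>();
    // Server-side session table: the client holds only the session id, never the role set.
    static final Map<String, String> sessionUser = new HashMap<>();
    static final Map<String, Set<String>> sessionRoles = new HashMap<>();

    static String createSession(String user, Set<String> activeRoles) {
        String sid = UUID.randomUUID().toString();
        sessionUser.put(sid, user);
        sessionRoles.put(sid, new HashSet<>());
        for (String r : activeRoles) addActiveRole(sid, r);
        return sid;
    }
    static void addActiveRole(String sid, String role) {
        String user = sessionUser.get(sid);
        if (user == null) throw new SecurityException("unknown session");
        // A session may only activate roles that are assigned to its user.
        if (!UA.getOrDefault(user, Set.of()).contains(role))
            throw new SecurityException(role + " is not assigned to " + user);
        sessionRoles.get(sid).add(role);
    }
    static void dropActiveRole(String sid, String role) {
        sessionRoles.getOrDefault(sid, new HashSet<>()).remove(role);
    }
    static boolean checkAccess(String sid, String op, String obj) {
        String user = sessionUser.get(sid);
        if (user == null) return false;
        Set<String> assigned = UA.getOrDefault(user, Set.of());
        for (String r : sessionRoles.get(sid)) {
            // Re-check the assignment so a role revoked mid-session stops granting access.
            if (assigned.contains(r) && PA.getOrDefault(r, Set.of()).contains(op + ":" + obj))
                return true;
        }
        return false;
    }
    public static void main(String[] args) {
        UA.put("alice", new HashSet<>(Set.of("teller", "auditor")));
        PA.put("teller", Set.of("post:ledger"));
        PA.put("auditor", Set.of("read:audit-log"));
        String sid = createSession("alice", Set.of("teller"));      // least privilege: one role active
        System.out.println(checkAccess(sid, "read", "audit-log")); // auditor assigned but not active
        addActiveRole(sid, "auditor");
        System.out.println(checkAccess(sid, "read", "audit-log")); // auditor now active
        UA.get("alice").remove("auditor");                          // administrator revokes the role
        System.out.println(checkAccess(sid, "read", "audit-log")); // revocation is enforced
    }
}
```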
 