MIT ROLES DB
CSG, May 2004

Previous Presentations
• Talk given by Jim Repa at EDUCAUSE Conference (Long Beach, CA, Oct. 29, 1999)
  – http://web.mit.edu/rolesdb/www/educause/educause.html
• Talk given by Jim Repa to Common Solutions Group (Chicago, Sept. 18, 1998)
  – http://web.mit.edu/rolesdb/www/csg/csg.html
• Slides from Jim Repa's presentation of October 7, 1997
  – http://web.mit.edu/is/integration/presentations/roles_10071997/

A new perspective
• The MIT ROLES database is not a Role-Based Access Control (RBAC) system
• It is a meta-authorization management system
• An RBAC system could be built using the MIT ROLES system

Characteristics
• Applications and services do not query or update ROLES in real time.
• Data is extracted from the database and transformed into each consumer's native (legacy) format
• We do not define a “role” that is then applied to a number of users
• ROLES does provide for inheritance of authorizations

A Reminder
• An Authorization = PERSON + FUNCTION + QUALIFIER
• But the system also provides for starting and ending dates
• In the future, an Authorization = object + FUNCTION + QUALIFIER

The ROLES DB can be used to form
• Tables in other databases
• Access Control Lists
• LDAP groups
• LDAP attributes
• or to populate configuration files such as .k5login
• It could even be used to help formulate policies within rule-based systems.
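The two slides above describe the same pipeline from two sides: authorizations live in ROLES as PERSON + FUNCTION + QUALIFIER with optional boundary dates, and are periodically extracted and rendered into whatever format a downstream system already consumes (an ACL, an LDAP group, a .k5login file). The following Python is an added illustration of that extract-and-transform model, not code from MIT or from the ROLES project. It assumes a qualifier hierarchy (child-to-parent mapping) as the mechanism behind "inheritance of authorizations", a Kerberos realm of EXAMPLE.EDU, and made-up people, functions and qualifiers; the actual ROLES hierarchy and schema are not described on the slides.

```python
from dataclasses import dataclass
from datetime import date
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Authorization:
    """One ROLES-style authorization: PERSON + FUNCTION + QUALIFIER,
    optionally bounded by inclusive start and end dates."""
    person: str
    function: str
    qualifier: str
    start: Optional[date] = None
    end: Optional[date] = None

    def effective_on(self, day: date) -> bool:
        """True if the boundary dates (where present) include `day`."""
        if self.start is not None and day < self.start:
            return False
        if self.end is not None and day > self.end:
            return False
        return True


# Assumed qualifier hierarchy (child -> parent). Inheritance is modelled as:
# a grant on a parent qualifier also covers every descendant qualifier.
# This is a modelling assumption for the example, not ROLES' documented rule.
QUALIFIER_PARENT = {
    "dept-eecs": "school-engineering",
    "dept-meche": "school-engineering",
    "school-engineering": "institute",
}


def ancestors(qualifier: str) -> List[str]:
    """The qualifier itself followed by each ancestor up to the root."""
    chain = [qualifier]
    while chain[-1] in QUALIFIER_PARENT:
        chain.append(QUALIFIER_PARENT[chain[-1]])
    return chain


def holders(auths: Iterable[Authorization], function: str,
            qualifier: str, day: date) -> List[str]:
    """People holding `function` on `qualifier` (directly or inherited) on `day`.
    Expired and not-yet-started authorizations are excluded here, so every
    rendered artifact reflects the boundary dates without further checks."""
    scope = set(ancestors(qualifier))
    return sorted({a.person for a in auths
                   if a.function == function
                   and a.qualifier in scope
                   and a.effective_on(day)})


def render_k5login(auths, function, qualifier, day, realm="EXAMPLE.EDU"):
    """Lines of a .k5login file: one Kerberos principal per line."""
    return [f"{p}@{realm}" for p in holders(auths, function, qualifier, day)]


def render_ldap_group(auths, function, qualifier, day, group_dn, people_base):
    """An LDIF-style groupOfNames entry listing the holders as members."""
    cn = group_dn.split(",")[0].split("=", 1)[1]
    lines = [f"dn: {group_dn}", "objectClass: groupOfNames", f"cn: {cn}"]
    for p in holders(auths, function, qualifier, day):
        lines.append(f"member: uid={p},{people_base}")
    return lines


# Constructed sample extract; every name, function and qualifier is made up.
SAMPLE_AUTHS = [
    Authorization("alice", "CAN_SPEND", "school-engineering"),          # inherited by both depts
    Authorization("bob", "CAN_SPEND", "dept-eecs",
                  start=date(2004, 1, 1), end=date(2004, 6, 30)),        # expires mid-year
    Authorization("carol", "CAN_SPEND", "dept-meche"),                   # sibling dept only
    Authorization("dave", "LOGIN_HOST", "dept-eecs", start=date(2004, 9, 1)),  # not yet active
]

if __name__ == "__main__":
    today = date(2004, 5, 1)
    print("\n".join(render_k5login(SAMPLE_AUTHS, "LOGIN_HOST", "dept-eecs", today)) or "(no principals)")
    print("\n".join(render_ldap_group(SAMPLE_AUTHS, "CAN_SPEND", "dept-eecs", today,
                                      "cn=eecs-spenders,ou=groups,dc=example,dc=edu",
                                      "ou=people,dc=example,dc=edu")))
```

Because the date filter sits in `holders()`, a nightly run of this extract naturally removes expired grants from the .k5login and LDAP output; the slides' point that consumers never query ROLES in real time means the freshness of every artifact is bounded by the extract interval, which is the detail to watch when an access revocation has to take effect quickly.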
Obstacles to usage
• Current access is via SQL*NET and Oracle
• No APIs to ease access from native code
• Benefits accrue to departmental administrators
• Benefits do not accrue to system developers, system integrators, or most of central IS&T

Another obstacle
• No support for real-time or programmatic updates of qualifiers
• There are OKI OSIDs to address this issue, but they have only been used against a test instance at this time

Systems using ROLES in production
• SAP financials
• Data Warehouse
• Human Resource systems
• NIMBUS budget system
• Graduate Admissions
• MIT ID database
• access to student information in the data warehouse
• Environmental Health and Safety
• miscellaneous administration tasks

Notable systems not using ROLES at this time
• AFS PTS
• Moira
• web publication
• OCW
• central Active Directory
• Help desk tools including Casetracker, RT, Stock Answers and OLC
• Stellar
• any Library systems
• COEUS
• Student Information Systems
• MIT Events Calendar
• TechTime (Corporate Time)
• access to buildings, parking lots, machine rooms, hazardous labs,

Some Statistics
• The number of authorization functions defined: 185
• The number of individual authorizations currently defined: 63997
• The number of authorizations that have defined boundary dates: 1159, of which 980 were created by the office of the Dean for Student Life
• The number of AFS and NFS groups defined in Moira: 20955
• The number of other ACLs defined in Moira: 43215