Thursday, July 23, 2009

Role Based Authentication & Authorization

Most of today's applications have role based authentication and authorization systems. On the surface this seems very simple and straightforward, but as we dive into the details, various design challenges emerge.

In simple terms, role based authentication and authorization can be depicted as in Figure 1:

User 1 is assigned to Role 1
User 2 is assigned to Role 1, Role 2 and Role n
User 3 is not assigned to any Role
User p is not assigned to any Role

Role 1 has Permission 1 and Permission 2
Role 2 has Permission 2
Role 3 has no Permission
Role n has no Permission

The system has Permissions 1, 2, 3, …, m

Looking into the details of Figure 1, one easily sees that the system can have orphan users (User 3, User p), orphan roles (Role 3, Role n) and orphan permissions (Permission 3 and beyond), which may not be a feasible state for a system.

While designing role based authentication and authorization, architects and designers have numerous options, and some of those options may conflict with each other.

Option Type: Orphan status
Orphan Users -- Allowed/Not Allowed
Orphan Roles -- Allowed/Not Allowed
Orphan Permissions -- Allowed/Not Allowed

Option Type: Permission Type
Permission -- Only Positive/Only Negative/Both

Option Type: Number of Roles per User
One Role per User
Multiple Roles per User
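The design options above made concrete, as an added example that is not part of the original post: a small RBAC model that rebuilds Figure 1 with n = m = 3 (constructed sample data), reports orphan users, roles and permissions, and evaluates access with the positive/negative permission and one-vs-many roles options as switches. The class, method names and the deny-wins rule for negative permissions are assumptions of this example, not something the post prescribes.

```python
from dataclasses import dataclass, field

@dataclass
class Rbac:
    """Users -> roles -> permissions, with the post's design options as switches."""
    permissions: set = field(default_factory=set)   # every permission the system defines
    role_perms: dict = field(default_factory=dict)  # role -> {permission: True (allow) / False (deny)}
    user_roles: dict = field(default_factory=dict)  # user -> set of roles
    multiple_roles: bool = True                     # option: one vs. many roles per user
    allow_negative: bool = True                     # option: negative (deny) permissions

    def add_permission(self, perm): self.permissions.add(perm)
    def add_role(self, role): return self.role_perms.setdefault(role, {})
    def add_user(self, user): return self.user_roles.setdefault(user, set())

    def grant(self, role, perm, allowed=True):
        # Reject permissions the system does not define (no orphan-by-typo entries)
        if perm not in self.permissions:
            raise ValueError(f"unknown permission {perm!r}")
        if not allowed and not self.allow_negative:
            raise ValueError("negative permissions are disabled in this design")
        self.add_role(role)[perm] = allowed

    def assign(self, user, role):
        roles = self.add_user(user)
        if roles and not self.multiple_roles and role not in roles:
            raise ValueError(f"{user!r} already holds a role (one role per user)")
        self.add_role(role)
        roles.add(role)

    def orphans(self):
        """Users with no role, roles with no permission, permissions on no role."""
        used = {p for perms in self.role_perms.values() for p in perms}
        return {"users": sorted(u for u, r in self.user_roles.items() if not r),
                "roles": sorted(r for r, p in self.role_perms.items() if not p),
                "permissions": sorted(self.permissions - used)}

    def check(self, user, perm):
        """Allow only if some role allows it and no role explicitly denies it (deny wins)."""
        votes = [self.role_perms.get(r, {}).get(perm) for r in self.user_roles.get(user, ())]
        return True in votes and False not in votes

def figure_1():
    """Rebuild the post's Figure 1 with n = m = 3 (constructed sample data)."""
    m = Rbac()
    for p in ("Permission 1", "Permission 2", "Permission 3"): m.add_permission(p)
    for r in ("Role 1", "Role 2", "Role 3"): m.add_role(r)
    m.grant("Role 1", "Permission 1"); m.grant("Role 1", "Permission 2")
    m.grant("Role 2", "Permission 2"); m.assign("User 1", "Role 1")
    m.assign("User 2", "Role 1"); m.assign("User 2", "Role 2"); m.add_user("User 3")
    return m
```

Calling `figure_1().orphans()` reports User 3, Role 3 and Permission 3 as orphans, which is the state the post flags as possibly infeasible; building the model with `Rbac(multiple_roles=False, allow_negative=False)` enforces the stricter options instead.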
