PERMIS
PERMIS is a policy-based authorisation system that implements the NIST standard RBAC and provides a privilege management infrastructure using encryption technologies (X.509 attribute certificates) to maintain user attributes. PERMIS can work together with other authentication systems; it has been integrated with Shibboleth, Kerberos and PKI, and PERMIS itself can perform simple username/password authentication. Like a standard RBAC system, its main entities are a policy, a user with roles, a resource and an action. The PERMIS policy is XML-based and can be encrypted within an X.509 certificate. The roles (user attributes) are held in secure certificates too. PERMIS parses the policy looking for rules that describe the access rights to a resource depending on the roles the user holds and on the environment, such as the time of day. PERMIS can then say whether the user is granted or denied access to the target based on the policy. It can work in push or pull mode (attributes are sent to PERMIS, or PERMIS fetches them itself), and it is an open source project that can be accessed on.
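The decision process described above (rules keyed on role, target and action, an environmental time-of-day condition, and push versus pull retrieval of attributes) as a small added example; this is not PERMIS's own code, and the XML policy layout, the rule attribute names and the attribute store are constructed placeholders, not the real PERMIS schema.

```python
import xml.etree.ElementTree as ET
from datetime import time

# Constructed sample policy in a hypothetical simplified XML form (not the
# real PERMIS schema): each <rule> grants one action on one target to one
# role, optionally only within a time-of-day window (the environment).
POLICY_XML = """
<policy>
  <rule role="staff" target="/records" action="read" from="08:00" to="18:00"/>
  <rule role="admin" target="/records" action="write"/>
</policy>
"""

# Constructed attribute store consulted in pull mode; it stands in for the
# signed attribute certificates PERMIS would fetch from a directory.
ATTRIBUTE_STORE = {"alice": ["staff"], "bob": ["admin", "staff"]}


def load_policy(xml_text):
    """Parse the simplified policy into a list of rule dicts."""
    rules = []
    for rule in ET.fromstring(xml_text).findall("rule"):
        window = rule.get("from"), rule.get("to")
        rules.append({
            "role": rule.get("role"),
            "target": rule.get("target"),
            "action": rule.get("action"),
            # None when the rule carries no time-of-day condition
            "window": tuple(map(time.fromisoformat, window)) if all(window) else None,
        })
    return rules


def decide(rules, user, target, action, now, pushed_roles=None):
    """Grant if any rule matches a role the user holds; deny by default.

    Push mode: pushed_roles carries the user's attributes with the request.
    Pull mode: pushed_roles is None, so the PDP fetches them from the store.
    """
    roles = pushed_roles if pushed_roles is not None else ATTRIBUTE_STORE.get(user, [])
    for r in rules:
        if r["role"] not in roles or r["target"] != target or r["action"] != action:
            continue
        if r["window"] and not (r["window"][0] <= now <= r["window"][1]):
            continue  # environmental condition (time of day) not satisfied
        return True
    return False
```

Unknown users and requests outside every matching rule fall through to a deny, which is the default-deny behaviour a policy decision point should have.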
PERMIS is unique in its support for encrypting the attributes and the policy, which helps it ensure that the policies and the attributes have not been tampered with. New features have been added to it, such as the ability to parse XACML policies and to accept SAML attributes, in addition to its support for dynamic delegation of authority and separation of duties.