What is Sevaflex?
Sevaflex security is an enhanced RBAC model with some elements of a Discretionary
Access Control (DAC) model. Under DAC, a subject that holds a given access permission
can pass that permission on to any other subject. Because Sevaflex is secured using
its own security model and implements row-level permissions, it is possible to delegate
security management and provide discretionary control. Additionally, in Sevaflex's
enhanced RBAC implementation, no Role or privilege information is hard-coded: all
Roles/privileges, together with the implementation details and definitions of those
Roles/privileges, are defined through configuration.
-
Goals
Cross-platform support (Web/Windows/SOA)
Adaptable to any UI presentation
Support for Anonymous Users
Row-level security
Integrated Audit
Integrated Logging to multiple destinations
High granularity of securable objects
-
Methodology
Configuration-based security: remove code-layer implementation of Roles/privileges
Simplified and standardized implementation: 2 to 3 lines of code to load, 1 line
to implement where necessary, identical implementation across platforms and applications
Roles and role hierarchy defined through dynamic configuration
Hierarchical security with inheritance, to reduce administrative overhead and only
secure necessary objects
Security by concept (vs. task); Concept list extensible (can create new concepts)
Groups/users from native, any, or multiple providers, such as Active Directory,
ADAM, or a proprietary application/security store
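The model described above (configuration-defined roles, a role hierarchy with inheritance, row-level permissions, DAC-style delegation, and an integrated audit trail) can be sketched in a few dozen lines. The following is an added illustration written for this page, not Sevaflex's own code or API; every role, user, concept and object name in it is constructed for the example, and the row-level rule (edits are owner-only) and the delegation rule (a subject may delegate only a privilege it already holds, so delegation cannot escalate privilege) are assumptions chosen to show the defender-relevant checks.

```python
"""
Added illustration (not Sevaflex code): a minimal configuration-driven RBAC model
with role inheritance, row-level checks, DAC-style delegation and an audit trail.
All role, user, concept and object names are constructed for the example.
"""
from dataclasses import dataclass, field

# Constructed configuration: each role lists its parent roles and the privileges
# it carries directly. A privilege is a (concept, securable object) pair.
ROLE_CONFIG = {
    "reader":  {"parents": [],                    "privileges": [("view", "invoice")]},
    "editor":  {"parents": ["reader"],            "privileges": [("edit", "invoice")]},
    "auditor": {"parents": ["reader"],            "privileges": [("view", "audit_log")]},
    "admin":   {"parents": ["editor", "auditor"], "privileges": [("delete", "invoice")]},
}

# Row-level rule per concept (assumption): after the role check passes, the rule
# decides whether this user may act on this particular row. Editing is owner-only.
ROW_RULES = {
    "edit": lambda user, row: row.get("owner") == user,
}


def expand_roles(role, config=ROLE_CONFIG, seen=None):
    """Return the role plus every role it inherits from; cycle-safe."""
    seen = set() if seen is None else seen
    if role in seen:
        return seen
    seen.add(role)
    for parent in config[role]["parents"]:
        expand_roles(parent, config, seen)
    return seen


def role_privileges(role, config=ROLE_CONFIG):
    """Privileges a role holds directly or through the hierarchy."""
    privs = set()
    for r in expand_roles(role, config):
        privs.update(config[r]["privileges"])
    return privs


@dataclass
class SecurityContext:
    assignments: dict                                # user -> list of role names
    delegated: dict = field(default_factory=dict)    # user -> privileges received by delegation
    audit: list = field(default_factory=list)        # every decision is recorded here

    def privileges(self, user):
        privs = set()
        for role in self.assignments.get(user, []):
            privs |= role_privileges(role)
        return privs | self.delegated.get(user, set())

    def allowed(self, user, concept, obj, row=None):
        """RBAC check, then the row-level rule for the concept; both are audited."""
        ok = (concept, obj) in self.privileges(user)
        if ok and row is not None and concept in ROW_RULES:
            ok = ROW_RULES[concept](user, row)
        self.audit.append(("check", user, concept, obj, ok))
        return ok

    def delegate(self, grantor, grantee, concept, obj):
        """DAC element: a holder may pass a privilege on, but never one it lacks."""
        if (concept, obj) not in self.privileges(grantor):
            self.audit.append(("delegate_denied", grantor, grantee, concept, obj))
            return False
        self.delegated.setdefault(grantee, set()).add((concept, obj))
        self.audit.append(("delegate", grantor, grantee, concept, obj))
        return True


def demo():
    """Constructed scenario exercising inheritance, row-level checks and delegation."""
    ctx = SecurityContext(assignments={"alice": ["admin"], "bob": ["reader"], "carol": []})
    own_row = {"id": 7, "owner": "alice"}
    results = {
        "alice_edit_own_row": ctx.allowed("alice", "edit", "invoice", own_row),  # inherited edit + owner
        "bob_view": ctx.allowed("bob", "view", "invoice"),                       # direct privilege
        "bob_edit": ctx.allowed("bob", "edit", "invoice", own_row),              # no edit privilege
        "alice_delegates_view": ctx.delegate("alice", "carol", "view", "invoice"),
        "carol_view_after_delegation": ctx.allowed("carol", "view", "invoice"),
        "bob_delegates_delete": ctx.delegate("bob", "carol", "delete", "invoice"),  # escalation blocked
    }
    return results, ctx.audit


if __name__ == "__main__":
    outcome, trail = demo()
    for name, value in outcome.items():
        print(f"{name}: {value}")
    for entry in trail:
        print(entry)
```

The audit list is what an operations team would forward to the logging destinations the page mentions: denied delegation attempts and row-level refusals are the events worth alerting on, since they are where role-bleed or an over-broad grant would first show up.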
-
Advantages
Coding is straightforward
Application-level administration is easy
Role or privilege list is defined dynamically through configuration
Role/privilege combinations are very numerous, offering extremely fine granularity
Self-documenting (no examination of code to determine implementation)
RBAC/DAC hybrid improves standard RBAC to defeat role-bleed
Fully developed application-independent administration console