What is Sevaflex?

Sevaflex security is an enhanced Role-Based Access Control (RBAC) model with some elements of a Discretionary Access Control (DAC) model. With DAC, a subject with a certain access permission is capable of passing that permission on to any other subject. Because Sevaflex is secured using its own security model and implements row-level permissions, it is possible to delegate security management and provide discretionary control. Additionally, in Sevaflex's enhanced RBAC implementation, no Role or privilege information is hard-coded; all Roles/privileges, as well as the implementation details and definition of the Roles/privileges, are defined through configuration.

  • Goals

    Cross-platform support (Web/Windows/SOA)

    Adaptable to any UI presentation

    Support for Anonymous Users

    Row-level security

    Integrated Audit

    Integrated Logging to multiple destinations

    High granularity of securable objects

  • Methodology

    Configuration-based security: remove code-layer implementation of Roles/privileges

    Simplified and standardized implementation: 2 to 3 lines of code to load, 1 line to implement where necessary, identical implementation across platforms and applications

    Roles and role hierarchy defined through dynamic configuration

    Hierarchical security with inheritance, to reduce administrative overhead and only secure necessary objects

    Security by concept (vs. task); Concept list extensible (can create new concepts)

    Groups/users from native, any, or multiple providers, such as Active Directory, ADAM, or a proprietary application/security store

  • Advantages

    Coding is straightforward

    Application-level administration is easy

    Role or privilege list is defined dynamically through configuration

    The number of Role/privilege combinations is very large, offering extremely fine granularity

    Self-documenting (no examination of code to determine implementation)

    RBAC/DAC hybrid improves standard RBAC to defeat role-bleed

    Fully developed application-independent administration console