PERMIS Project Web Site


PERMIS Contents

Home

Essentials Integration Projects Documents Developers Get Involved
PERMIS Home Page

Welcome to the PERMIS web site

There are two separate aspects to securing access to your computer based resources: determining who the users are, and determining what they are allowed to do. The first of these is called authentication, the second is called authorisation (or privilege management). PERMIS is an authorisation system that complements your existing authentication system.

So...

What does PERMIS do for you?

  • It helps to control access to your computer resources
  • When users request access to your resources, PERMIS makes the access control decisions for you based on your access control policies and the roles of the users
  • It uses only your policies, and makes sure they have not been tampered with first
  • It allows you to delegate to trusted individuals the ability to assign roles to users on your behalf
  • It makes sure that the trusted individuals do not exceed their delegated authority
  • It supports dynamic delegation of authority, which allows any user with a role to delegate it to other users in the same group
...and

What do you have to do for PERMIS?

  • Define who your users are, by defining the user groups and the roles that users can have
  • Write your authorisation policy
  • Assign roles to users or delegate this task to others
  • Establish agreements with other service providers, so that your users can use their resources and their users can use your resources
  • You will also need

    • An Authentication scheme, for example, username/password, Kerberos, PKI, etc.
PERMIS provides you with the software that makes access control decisions, and also gives you the tools for managing your policies, your role assignments, and delegations between users.

Uses of our software:

  • PERMIS Role Based Access Controls provides a Java API, so it can be embedded into virtually any application that requires user authorisation.

  • For some applications there is no need to write any code as PERMIS is already embedded in them. All you need to do is download and install PERMIS along with:
    • Globus Toolkit (v3.3 onwards). PERMIS authorisation can control access to Grid Services
    • Apache . PERMIS authorisaton can protect web sites
    • Shibboleth. PERMIS authorisation can be combined with Shibboleth's Single Sign-On to provide policy driven fine grained role based access controls within federations
    • .Net. PERMIS authorisation can be combined with Microsoft .Net to authorise web services
    • Python. PERMIS authorisation can be called from Python to provide the access controls for Python programs

Last updated 21 June 2006 


Last updated 20 July 2011