|
PERMIS Contents
Essentials
Integration Projects
Documents
Developers
Get Involved
|
|
PERMIS Home Page
Welcome
to the PERMIS web site
There are two separate aspects to securing access to your computer based
resources: determining who the users are, and determining what they are
allowed to do. The first of these is called authentication, the second
is called authorisation (or privilege management). PERMIS is an authorisation
system that complements your existing authentication system.
So...
What does PERMIS do for you?
-
It helps to control access to your computer resources
-
When users request access to your resources, PERMIS makes the access control
decisions for you based on your access control policies and the roles of
the users
-
It uses only your policies, and makes sure they have not been tampered
with first
-
It allows you to delegate to trusted individuals the ability to assign
roles to users on your behalf
-
It makes sure that the trusted individuals do not exceed their delegated
authority
-
It supports dynamic delegation of authority, which allows any user with
a role to delegate it to other users in the same group
...and
What do you have to do for PERMIS?
-
Define who your users are, by defining the user groups and the roles that
users can have
-
Write your authorisation policy
-
Assign roles to users or delegate this task to others
-
Establish agreements with other service providers, so that your users can
use their resources and their users can use your resources
You will also need
-
An Authentication scheme, for example, username/password, Kerberos, PKI,
etc.
PERMIS provides you with the software that makes access control decisions,
and also gives you the tools for managing your policies, your role assignments,
and delegations between users.
Uses of our software:
-
PERMIS Role Based Access Controls provides a Java API, so it can be embedded
into virtually any application that requires user authorisation.
For some applications there is no need to write any code as PERMIS
is already embedded in them. All you need to do is download and install
PERMIS along with:
-
Globus Toolkit (v3.3 onwards). PERMIS authorisation can control
access to Grid Services
-
Apache . PERMIS authorisaton can protect web sites
-
Shibboleth. PERMIS authorisation can be combined with Shibboleth's
Single Sign-On to provide policy driven fine grained role based access
controls within federations
-
.Net. PERMIS authorisation can be combined with Microsoft .Net to
authorise web services
-
Python. PERMIS authorisation can be called from Python to provide
the access controls for Python programs
|
Last updated 21 June 2006 |
|
