Hello all
I'm making some research on authorization. I'm
describing RBAC to secure Web application, however,
sometimes web application have more granurar and
especial requierements. For example, in a Workflow,
authorization to perform an action is not only
dependant of user permissions but of worflow item
state (you cannot allow aproval on an item if it is
not complete even if the user is an approver).
So... my question is, do you know about a tool to
describe this in a document, something like a well
defined "workflow tree methodology" or similar.
Thank in advance,
Juan Carlos
__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis!
Regístrate ya - http://correo.espanol.yahoo.com/
-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
Received on Apr 12 2006
Intro
