I'd look heavily into using XACML for specifying your access rules. We use it as part of the Fedora repository system and we are able to do just what you describe using the mechanisms already provided by the software.
Here's what I would do before you take another step! Build a threat model - what are you trying to protect the documents from? Who is the attacker? do you care about disclosure? tampering? origination? Once you have a threat model, you can determine if you have the approp mitigations in place. You can start with the Microsoft SDL Threat Modeling tool http://www.microsoft.com/downloads/details.aspx?FamilyID=A48CCCB1-814B-47B6-9D17-1E273F65AE19&displaylang=en
发布评论
评论(2)
我会认真考虑使用 XACML 来指定您的访问规则。我们将其用作 Fedora 存储库 系统的一部分,并且我们能够使用这些机制执行您所描述的操作软件已经提供了。
I'd look heavily into using XACML for specifying your access rules. We use it as part of the Fedora repository system and we are able to do just what you describe using the mechanisms already provided by the software.
在你采取下一步之前我会做以下事情!构建威胁模型 - 您想保护文档免受什么威胁?攻击者是谁?你关心披露吗?篡改?起源?一旦有了威胁模型,您就可以确定是否采取了适当的缓解措施。您可以从 Microsoft SDL 威胁建模工具 http://www.microsoft.com/downloads/details.aspx?FamilyID=A48CCCB1-814B-47B6-9D17-1E273F65AE19&displaylang=en
Here's what I would do before you take another step! Build a threat model - what are you trying to protect the documents from? Who is the attacker? do you care about disclosure? tampering? origination? Once you have a threat model, you can determine if you have the approp mitigations in place. You can start with the Microsoft SDL Threat Modeling tool http://www.microsoft.com/downloads/details.aspx?FamilyID=A48CCCB1-814B-47B6-9D17-1E273F65AE19&displaylang=en