===== Design Goals =====

=== Access Control Framework ===

The first goal is to define a basis for all access control models to come: design and implement a framework that provides a good infrastructure for the implementation of access control models.

=== Minimize Model Implementation ===

Include enough generic services in the framework to minimize the individual model implementation. This reduces the amount of code that has to be checked for a correct model implementation, and thus prevents possible errors.

=== Functional Separation ===

Keep a clean separation between the access control enforcement and decision components, so that a change in the implemented models does not require changes in several places. This also further reduces the size and complexity of the model implementation.

=== Model Combination ===

Support the flexible combination of an arbitrary number of concurrent access control models, leaving administrators free to choose the model (or models) they need for each part of the system.

=== Modular Design ===

Make all components as modular as possible to provide a controlled flow of information, easier testing and better portability to other Unix family systems.

=== Accountability ===

Provide protected logging of all security-relevant actions as a general service, allowing every user and administrator to be held responsible for their actions and to build up non-disputable evidence in the case of a security compromise.

=== Extensive Control ===

Control all possible security-relevant subjects and objects to avoid any bypassing of the access control system.

=== Network Control ===

Include sufficient mechanisms to effectively control the flow of information to and from remote systems over networks, from within the access control framework.

=== Production Use ===

Keep the resulting system usable, stable, fast and flexible enough for production use in order to get extensive testing and feedback for the design and the implementation.
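
The Functional Separation and Model Combination goals above, sketched as an added example (not RSBAC code; every name in it is hypothetical). It assumes a restrictive combination rule, where a single NOT_GRANTED from any model denies the request, and that a request no model objects to is allowed; the page specifies neither.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not RSBAC's API. */
enum decision { DO_NOT_CARE, GRANTED, NOT_GRANTED };
struct request { int uid; const char *op; const char *path; };
typedef enum decision (*model_fn)(const struct request *);

/* Model 1 (toy): only uid 0 may write below /etc. */
static enum decision model_owner(const struct request *r) {
    if (strncmp(r->path, "/etc/", 5) != 0) return DO_NOT_CARE;
    if (strcmp(r->op, "write") != 0) return GRANTED;
    return r->uid == 0 ? GRANTED : NOT_GRANTED;
}

/* Model 2 (toy): nobody, uid 0 included, writes /etc/shadow. */
static enum decision model_label(const struct request *r) {
    if (!strcmp(r->path, "/etc/shadow") && !strcmp(r->op, "write"))
        return NOT_GRANTED;
    return DO_NOT_CARE;
}

static model_fn models[] = { model_owner, model_label };
static int log_count; /* number of decisions logged so far */

/* Decision component: ask every active model, combine restrictively
 * (assumed rule: one NOT_GRANTED denies) and log the outcome.
 * stderr stands in for the protected log. */
enum decision decide(const struct request *r) {
    static const char *name[] = { "DO_NOT_CARE", "GRANTED", "NOT_GRANTED" };
    enum decision result = DO_NOT_CARE;
    for (size_t i = 0; i < sizeof models / sizeof models[0]; i++) {
        enum decision d = models[i](r);
        if (d == NOT_GRANTED) { result = NOT_GRANTED; break; }
        if (d == GRANTED) result = GRANTED;
    }
    log_count++;
    fprintf(stderr, "uid=%d %s %s -> %s\n", r->uid, r->op, r->path, name[result]);
    return result;
}

/* Enforcement component: the only code that acts on a decision.
 * Returns 0 if the operation may proceed, -1 if it is refused. */
int enforce(int uid, const char *op, const char *path) {
    struct request r = { uid, op, path };
    return decide(&r) == NOT_GRANTED ? -1 : 0;
}

int main(void) { return enforce(0, "write", "/etc/shadow") == -1 ? 0 : 1; }
```

Adding a third model means appending one function to `models[]`; `enforce()` and its callers stay unchanged.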