What is Rights Management
Any system that has users generally needs rights management. Rights management controls user access to the system: according to security rules or a security policy, users can access the resources they are authorized for, and only those resources.
Rights management includes two parts: user authentication and user authorization.
User authentication
User authentication means that when a user accesses the system, the system verifies the legitimacy of the user's identity. The most common methods of user authentication are: 1. user name and password, 2. fingerprint scanning, 3. certificate-based authentication. Only after the system has verified that the user's identity is legitimate can the user access the system's resources.
Key objects
Subject: the entity that accesses the system. It is usually understood as the user, but it may also be a program. Anything that wants to access the system's resources is a subject, and the system needs to authenticate its identity.
Principal: identity information, usually unique. A subject may have more than one identity, but one of them is the master identity (primary principal).
Credential: credential information, which can be a password, a certificate, or a fingerprint.
Summary: the subject must provide both identity information and credential information in order to be authenticated.
User authorization
User authorization can be understood simply as access control: after the user has passed authentication, the system controls the user's access to resources, and the user can access a resource only if they hold permission for it.
Key objects
The process of authorization can be understood as: Who performs How on What (which)?
Who: the subject. After passing authentication, the subject is placed under the system's access control.
What (which): the resource. The subject must have permission for a resource in order to access it. Examples of resources: the system user list page, the product modification menu, the product information for commodity ID 001.
Resources are divided into resource types and resource instances:
The system's user information is a resource type, which is comparable to a Java class.
The user with ID 001 in the system is a resource instance, which is comparable to a Java object created with new.
How: the permission. A permission is a license over a resource: a subject that holds the permission may access the resource, and the permission defines how the resource may be accessed or operated on. Examples of permissions: user add, user modification, product deletion.
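As an added example (not part of the original article), the Python sketch below puts the who/what/how model into code: a subject authenticates with a principal and a password credential, and each permission names a resource type, an action and optionally one resource instance. The account name, password and grants are constructed sample values, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Permission:
    resource_type: str              # "what" as a type, e.g. "user" or "product"
    action: str                     # "how", e.g. "add", "modify", "delete"
    instance: Optional[str] = None  # "which" instance; None means every instance

    def implies(self, wanted: "Permission") -> bool:
        if (self.resource_type, self.action) != (wanted.resource_type, wanted.action):
            return False
        # A type-level grant covers all instances; an instance grant covers only itself.
        return self.instance is None or self.instance == wanted.instance

@dataclass(frozen=True)
class Subject:
    principal: str                  # primary principal
    authenticated: bool = False
    permissions: frozenset = frozenset()

def derive(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the credential, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class AccountStore:  # in-memory account store, constructed for this example
    def __init__(self):
        self._accounts = {}

    def add(self, principal, password, permissions):
        salt = os.urandom(16)
        self._accounts[principal] = (salt, derive(password, salt), frozenset(permissions))

    def authenticate(self, principal, password) -> Subject:
        # Unknown principals still run the hash, so they cost about as much as a wrong password.
        salt, stored, perms = self._accounts.get(principal, (b"\0" * 16, b"", frozenset()))
        ok = hmac.compare_digest(stored, derive(password, salt))
        return Subject(principal, ok, perms if ok else frozenset())

def is_permitted(subject: Subject, wanted: Permission) -> bool:
    # Default deny: no authentication or no matching grant means no access.
    return subject.authenticated and any(p.implies(wanted) for p in subject.permissions)

store = AccountStore()  # constructed sample account and grants
store.add("alice", "constructed-password",
          {Permission("user", "add"), Permission("product", "modify", "001")})
```

Here the grant on ("user", "add") is type-level and applies to every user record, while ("product", "modify", "001") applies to product 001 only and does not extend to other products or to the type as a whole.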
Basic knowledge of Rights management