I got the Red Cover edition of Elliott Jaques’s book today. I could have saved some cash and ordered it from Australia, but I figured that the Friends To The North would ship more quickly. And they did: it arrived a week and a half after my ABEBooks order. I have no idea where the Red Cover edition comes from. …
Teesside Confidentiality Model as presented at SACMAT this year. Regretfully, I didn’t attend but I have been poring through the proceedings. As I promised months ago, this post highlights some of the more interesting points for those of us doing access control technologies for software systems.
Role Based Access Control (RBAC) vs. Access Control Lists (ACLs)
Executive Summary
From a security perspective, RBAC always provides superior security to ACLs. However, there are places where the cost of using RBAC would be too high. These include: the security of Windows file systems, Oracle/Sybase/SQL Server DBA and employee-specific functions such as where an employee manages his or her own 401(k). Developers should use RBAC in almost all cases. …