The following tables show the current differences between the VBS version of Permis and the
version maintained by the University of Kent. Each table lists a feature, a short description,
and which of the two versions (Kent, VBS) provides it.
Name | Description | Kent | VBS
File AC Repository | An attribute certificate repository that reads ACs from the local file system. | |
LDAP AC Repository | An attribute certificate repository that reads ACs from an LDAP directory. | |
WebDav AC Repository | An attribute certificate repository that reads ACs from a WebDav directory. | |
Virtual AC Repository | An attribute certificate repository that reads ACs from several directories. | |
Managed Permis | The policy of a running PDP can be reloaded without restarting the PDP. | |
Certificate Chain Verification | Certificate chains of length greater than one are supported. | |
PDP Setup | PDP setup is simplified and a builder for a new PDP is provided. More than one PDP can run in the same Java VM (no static singleton configuration). | |
Roles (RBAC 0) | Role-based access control. | |
Role Hierarchies (RBAC 1) | Hierarchical role-based access control: a superior role gets all privileges of its subordinate roles. | |
Target Access Rules | A target access rule defines the set of roles that are allowed to access a target. | |
Conditions for Target Access Rules | Conditions are additional constraints that must hold for a target access rule to apply, e.g. access is only granted between 9am and 11am. | |
Role Assignment Rules | A role assignment rule defines which subjects are allowed to assign which roles, and whether a subject may delegate an assigned role. | |
Obligations | An obligation is an operation specified in the policy that should be performed by the PEP (Policy Enforcement Point) in conjunction with the enforcement of an authorization decision. (Kent Permis provides a simple string-based implementation.) | |
Static Separation of Duties (SoD) | Define mutually exclusive roles that may not be assigned to the same subject. | |
Dynamic Separation of Duties (DSoD) | Define mutually exclusive roles in the context of a dynamic session: a subject may be assigned both but may not activate them in the same session. (Kent Permis provides a simple in-memory implementation.) | |

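As an added illustration of the PDP concepts listed above (role hierarchies, target access rules with conditions, obligations, static and dynamic separation of duties), here is a small self-contained model in Python. It is not Permis code and does not use the Permis API or policy format; the role hierarchy, the "payroll" target, the rule set and the 9am to 11am condition are all constructed for the example.

```python
"""Toy policy decision point modelling RBAC 1 role hierarchies, target access
rules with conditions and obligations, and static/dynamic separation of
duties.  Added example: the policy data below is constructed, not a Permis
policy, and the structures are not the Permis API."""
from dataclasses import dataclass, field
from datetime import time
from typing import Callable, Iterable

# Role hierarchy (RBAC 1): role -> direct subordinate roles.  A superior role
# inherits every privilege of its subordinates (manager > staff > employee).
ROLE_HIERARCHY = {
    "manager": {"staff"},
    "staff": {"employee"},
    "auditor": {"employee"},
    "employee": set(),
}


def effective_roles(held: Iterable[str]) -> set[str]:
    """Transitive closure of the held roles downwards through the hierarchy."""
    result: set[str] = set()
    stack = list(held)
    while stack:
        role = stack.pop()
        if role not in result:
            result.add(role)
            stack.extend(ROLE_HIERARCHY.get(role, ()))
    return result


@dataclass
class TargetAccessRule:
    target: str
    action: str
    roles: set[str]                                      # roles allowed to act
    condition: Callable[[dict], bool] = lambda env: True  # extra constraint
    obligations: list[str] = field(default_factory=list)  # returned to the PEP


def between_9_and_11(env: dict) -> bool:
    """The condition from the table: access only between 9am and 11am."""
    return time(9, 0) <= env["now"] < time(11, 0)


def env_at(hour: int, minute: int = 0) -> dict:
    """Environment passed to conditions (constructed: only the current time)."""
    return {"now": time(hour, minute)}


POLICY = [
    TargetAccessRule("payroll", "read", {"staff"},
                     condition=between_9_and_11, obligations=["log-access"]),
    TargetAccessRule("payroll", "approve", {"manager"}),
    TargetAccessRule("payroll", "audit", {"auditor"}),
]

# Static SoD: role sets that may never be assigned to one subject together.
STATIC_SOD = [{"manager", "auditor"}]
# Dynamic SoD: role sets that may not be active in the same session.
DYNAMIC_SOD = [{"staff", "auditor"}]


def violates(constraints: list[set[str]], roles: set[str]) -> bool:
    return any(pair <= roles for pair in constraints)


class Session:
    """Roles assigned to a subject and the subset activated for this session."""

    def __init__(self, assigned: set[str]):
        if violates(STATIC_SOD, assigned):
            raise ValueError("static SoD violated by %s" % sorted(assigned))
        self.assigned = set(assigned)
        self.active: set[str] = set()

    def activate(self, role: str) -> None:
        if role not in self.assigned:
            raise PermissionError("role %s is not assigned" % role)
        if violates(DYNAMIC_SOD, self.active | {role}):
            raise PermissionError("dynamic SoD violated by activating %s" % role)
        self.active.add(role)


def decide(session: Session, target: str, action: str, env: dict) -> tuple[str, list[str]]:
    """Deny unless a target access rule for (target, action) names a role the
    session effectively holds and its condition holds; return obligations."""
    roles = effective_roles(session.active)
    for rule in POLICY:
        if (rule.target, rule.action) == (target, action) and rule.roles & roles:
            if rule.condition(env):
                return "permit", list(rule.obligations)
    return "deny", []


if __name__ == "__main__":
    s = Session({"manager"})
    s.activate("manager")                         # inherits staff and employee
    print(decide(s, "payroll", "read", env_at(10)))   # permit, with obligation
    print(decide(s, "payroll", "read", env_at(14)))   # deny: condition fails
```

The static SoD check runs when roles are assigned, the dynamic one when a role is activated, so a subject may legitimately hold `staff` and `auditor` but cannot use both in one session; a real PDP would also apply the same deny-unless-permit rule to every target not named in any rule.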
Name | Description | Kent | VBS
Sign or Verify a Policy | Creates an attribute certificate containing the current policy, or verifies a signed policy. | |
Publish a Policy | Publishes a signed policy, e.g. to an LDAP directory. | |
Create Role AC | Creates attribute certificates containing user role assignments. (Kent Permis has the ACM, the Attribute Certificate Manager editor.) | |
Connect to an LDAP directory | Connects the editor to an LDAP directory for selecting resources. | |
Connect to a WebDav directory | Connects the editor to a WebDav directory for selecting resources. | |
Problem View | The editor provides a central problem overview containing a list of all structural and logical problems of the current policy. | |
Human Readable Policy | The editor provides a human-readable description of the policy parts currently being edited, including warnings about structural problems. This view can also show the current Permis XML file. | |
Version Tagging of Policies | Policies are under version control and the history of changes is saved. | |
Comments for Policy Elements | The user can write comments on policy elements and save them persistently. | |
Tutorial / Help | A help system and a tutorial are available in the editor. | |
Policy Wizard | A simple wizard that helps the user create a first initial policy. | |
Integration Projects | Several integration projects (listed below) can be configured in the editor. | |
Resources, Actions, Targets | Edit these basic concepts. | |
Roles | Edit roles and role hierarchies. | |
Target Access Rules | Edit a target access rule, which defines the set of roles that are allowed to access a target. | |
Conditions for Target Access Rules | Edit constraints for target access rules. | |
Role Assignment Rules | Edit a role assignment rule, which defines which subjects are allowed to assign which roles, and whether delegation of a role assignment is allowed. | |
Obligations | Edit an obligation, which must be enforced by the PEP. | |
Static Separation of Duties (SoD) | Edit mutually exclusive roles. | |
Dynamic Separation of Duties (DSoD) | Edit mutually exclusive roles in the context of a dynamic session. | |

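The Role Assignment Rules entries (which subjects may assign which roles, and whether a holder may delegate an assigned role) together with the Certificate Chain Verification entry in the first table describe a chain of role ACs that a PDP has to walk from the requester's AC back to a trusted issuer. The following added Python example (not Permis code, and not its AC encoding) shows that walk with a delegation-depth limit. The trusted root issuer name, the rules and the ACs are constructed, and signature verification is deliberately left out: a real verifier checks each AC's signature against its issuer's key before applying any of the rules below.

```python
"""Toy verification of a chain of role attribute certificates (ACs) against
role assignment rules.  Added example: the AC structure, the rules, the root
issuer name and the chains are constructed, and signatures are not checked."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RoleAC:
    holder: str   # subject the role is assigned to
    role: str
    issuer: str   # subject that signed the AC


@dataclass(frozen=True)
class AssignmentRule:
    """Which issuers may assign a role directly, whether holders may delegate
    it, and how many delegation hops are tolerated (0 = no re-delegation)."""
    role: str
    trusted_issuers: frozenset
    may_delegate: bool
    max_delegation_depth: int = 0


ROOT = "cn=Policy Authority"   # constructed trusted root issuer
RULES = {
    "staff":   AssignmentRule("staff",   frozenset({ROOT}), True, max_delegation_depth=1),
    "manager": AssignmentRule("manager", frozenset({ROOT}), True, max_delegation_depth=2),
    "auditor": AssignmentRule("auditor", frozenset({ROOT}), False),
}


def verify_chain(chain: list[RoleAC], rules=RULES) -> tuple[bool, str]:
    """chain[0] is the requester's AC; chain[i+1] must be the AC under which
    chain[i].issuer holds the same role.  Succeeds only when the chain ends
    at an AC signed by a trusted issuer within the allowed delegation depth.
    Simplification: the delegating issuer must hold exactly the same role
    (a hierarchy-aware check would also accept a superior role)."""
    if not chain:
        return False, "empty chain"
    role = chain[0].role
    rule = rules.get(role)
    if rule is None:
        return False, "no assignment rule for role %r" % role
    for depth, ac in enumerate(chain):       # depth = delegation hops so far
        if ac.role != role:
            return False, "AC %d assigns %r, expected %r" % (depth, ac.role, role)
        if ac.issuer in rule.trusted_issuers:
            if depth + 1 != len(chain):
                return False, "chain continues past the trusted issuer"
            return True, "ok (delegation depth %d)" % depth
        # Delegated assignment: must be allowed, within depth, and the issuer
        # must itself hold the role via the next AC.  The depth bound also
        # stops cyclic chains (A issued by B, B issued by A, ...).
        if not rule.may_delegate:
            return False, "role %r may not be delegated" % role
        if depth + 1 > rule.max_delegation_depth:
            return False, "delegation depth exceeds %d" % rule.max_delegation_depth
        if depth + 1 >= len(chain) or chain[depth + 1].holder != ac.issuer:
            return False, "issuer %r presents no AC for %r" % (ac.issuer, role)
    return False, "chain does not end at a trusted issuer"   # not reachable


if __name__ == "__main__":
    direct = [RoleAC("alice", "staff", ROOT)]
    delegated = [RoleAC("bob", "staff", "alice"), RoleAC("alice", "staff", ROOT)]
    forbidden = [RoleAC("bob", "auditor", "alice"), RoleAC("alice", "auditor", ROOT)]
    for c in (direct, delegated, forbidden):
        print(verify_chain(c))
```

Checking the chain from the requester outwards, rather than from the root inwards, means the verifier never has to guess which of an issuer's ACs is relevant: each hop names the role it must find in the next certificate, and an AC that is missing, names a different role, or would exceed the rule's depth fails closed.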
Name | Description | Kent | VBS
Automatic Continuous Integration | The whole code base is compiled hourly, including running all unit tests and code audit tools. The results are published on a web page. | |
Unit Tests | All source code is covered by unit tests. | |
Integration Tests | Tests of the interactions between different systems. | |
Checkstyle | A code audit tool that checks the coding style of Java code. | |
PMD | A code audit tool that checks the source code for possible bugs, dead code, suboptimal code, and duplicated code. | |
FindBugs | A code audit tool that checks the source code for possible bugs. | |
Checkspace | A code audit tool that checks the source code for redundant whitespace. | |

Name | Description | Kent | VBS
XACML Support | PDP and editor work with the XACML access control policy language. | |
SAML ADF | A stand-alone server that accepts incoming SAML authorization decision requests and responds with SAML authorization decision responses. | |
Shibboleth | An Apache module that uses Permis to control access to websites that use either Apache or Shibboleth to provide user authentication. | |
WSDL (Web Service Description Language) | The editor can import actions and resources from a WSDL file. | |
Apache Web Server | | |
GT4 Permis Authorization Service | An authorization service that can be deployed with the Globus Toolkit from version 4. | |
Coordinated GT4 | A coordinated authorization service that can be deployed with Globus Toolkit version 4.1.x. | |
.NET | .NET interface for Simple Permis. | |
Python | Python interface for Simple Permis. | |
OWL (Web Ontology Language) | | |