List:       security-basics
Subject:    Re: data level entitlements
From:       Jeffrey Walton <noloader () gmail ! com>
Date:       2012-06-29 0:23:21
Message-ID: CAH8yC8=7vTvM3V=4ZE=w4V2H7p=Q3VM=Ps+JqK=JUyVU6dcWPw () mail ! gmail ! com

Hi Thugzclub,

On Thu, Jun 28, 2012 at 3:07 PM, Thugzclub <thugzclub@googlemail.com> wrote:
> All,
> 
> Does anybody know where I can get some info on "data level entitlements"

Jeff Six has a nice example using a client side email client in
Application Security for the Android Platform
(http://shop.oreilly.com/product/0636920022596.do).

Data level entitlements sometimes go by other names, such as fine
grained permissions. Android exposes fine grained permissions through
their UriPermission object.

You might also encounter coarse grained permissions. These permissions
would allow a user to use the application and often use usernames and
passwords.

As a concrete example, think of a mobile banking application (taken
from my experience in financial security). The bank would give you
access to your account through use of a mobile banking application.
You would log on with a {username,password} pair and get a token back.
The log on and token are serviced by the coarse grained system. To
view your account information, the fine grained system would kick in
and use the security context (available in the token from the coarse
grained system) and only return records related to your account (and
not information from other customers).

Jeff
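
The banking flow described in the message above, as an added example that is not part of the original post: log_on() is the coarse grained check that issues a token, and view_records() is the fine grained check that filters rows by the security context inside that token. The HMAC-signed token format, all function names, the key, the users and the ledger rows are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: server-side signing key
USERS = {"alice": ("pw-a", "ACCT-1"), "bob": ("pw-b", "ACCT-2")}  # constructed; real systems store password hashes
RECORDS = [                        # constructed sample ledger
    {"account": "ACCT-1", "amount": -40},
    {"account": "ACCT-2", "amount": 900},
    {"account": "ACCT-1", "amount": 125},
]

def _sign(body: bytes) -> str:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def log_on(username, password, now=None):
    """Coarse grained: may this user use the application at all?"""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored[0].encode(), password.encode()):
        return None
    ctx = {"sub": username, "account": stored[1], "exp": (now or time.time()) + 300}
    body = base64.urlsafe_b64encode(json.dumps(ctx).encode())
    return body.decode() + "." + _sign(body)

def security_context(token, now=None):
    """Return the verified context carried in the token, or None."""
    try:
        body, sig = token.split(".")
    except (AttributeError, ValueError):
        return None
    if not hmac.compare_digest(_sign(body.encode()).encode(), sig.encode()):
        return None                # tampered or forged token
    ctx = json.loads(base64.urlsafe_b64decode(body))
    return ctx if ctx["exp"] > (now or time.time()) else None

def view_records(token, requested_account=None):
    """Fine grained: rows are selected by the token's account, never by an
    identifier the client supplies."""
    ctx = security_context(token)
    if ctx is None:
        raise PermissionError("not logged on")
    if requested_account not in (None, ctx["account"]):
        raise PermissionError("account outside security context")
    return [r for r in RECORDS if r["account"] == ctx["account"]]
```

A request that names another customer's account is refused even though the caller holds a valid token, which is the case the coarse grained layer alone does not cover.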