What does PERMIS stand for?
What does PERMIS mean? This page is about the various possible meanings of the acronym, abbreviation or slang term: PERMIS.
What does PERMIS mean?
- PERMIS is a sophisticated policy-based authorisation system that implements an enhanced version of the U.S. National Institute of Standards and Technology standard Role-Based Access Control model. PERMIS supports the distributed assignment of both roles and attributes to users by multiple distributed attribute authorities, unlike the NIST model which assumes the centralised assignment of roles to users. PERMIS provides a cryptographically secure privilege management infrastructure using public key encryption technologies and X.509 Attribute certificates to maintain users' attributes. PERMIS does not provide any authentication mechanism, but leaves it up to the application to determine what to use. PERMIS's strength comes from its ability to be integrated into virtually any application and any authentication scheme like Shibboleth, Kerberos, username/passwords, Grid proxy certificates and Public Key Infrastructure. As a standard RBAC system, PERMIS's main entities are an authorisation policy, a set of users, a set of administrators who assign roles/attributes to users, a set of resources that are to be protected, a set of actions on resources, a set of access control rules, and optional obligations and constraints. The PERMIS policy is eXtensible Markup Language-based and has rules for user-role assignments and role-privilege assignments, the latter containing optional obligations that are returned to the application when a user is granted access to a resource. A PERMIS policy can be stored as either a simple text XML file, or as an attribute within a signed X.509 attribute certificate to provide integrity protection and tampering detection. User roles and attributes may be held in secure signed X.509 attributes certificates, and stored in Lightweight Directory Access Protocol directories or Web-based Distributed Authoring and Versioning repositories, or they may be created on demand as Security Assertion Markup Language attribute assertions.