Access Control Model
Rules for accessing information objects in the PKI-as-a-Service Portal:
The general rule is the "need to know" principle, which limits a user's access to the minimal information required to perform a task.
Service Requests
A person is granted read access if
- the person is the originator or recipient of the service request,
- the person has the role auditor assigned,
- the service request is assigned to a role the person has or
- the person was involved in a state change for this service request.
Rule 1 ensures that everyone has access to his own requests. Rule 2 ensures that the auditor role has full information access. Rule 3 ensures that scheduled work on a service request can be seen by persons who have the required role. Rule 4 ensures that everyone who worked on a service request can see its progress and state.
Subjects
A person is granted read access to the subject if
- it is the person itself,
- the subject is public,
- the person has the auditor role,
- the person has the manager role for this subject or
- the subject is managed by the same role as the person.
Rule 1 ensures that everyone can see himself. Rule 2 ensures that public entities (e.g. public trust centers) can be seen. Rule 3 ensures that the auditor has full read access. Rule 4 ensures that managed subjects can be seen by the managing role. Rule 5 ensures that members of a group can see each other.
Person
Persons are either self-enrolled or enrolled by a managing trust center. In the latter case, the person is managed by the RA role of the trust center.
System
Systems are always managed by a role. Only that role has access to the system information.
TrustCenter
Persons with the RA or CA role of that trust center can see the trust center subject.
Certificates
- A person can see the certificate, if the person can see the associated service request.
- A certificate without an associated service request can only be seen by a person with the auditor role.
Holder
- A person can see the holder, if the person can see the associated subject.
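The rules for service requests, subjects, certificates and holders above, expressed as deny-by-default read checks. This is an added illustration, not the portal's own code; the data classes, the role names (`auditor`, `ra:tc1`) and the `managed_by` field standing in for "managed by the RA role of the trust center" are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample model for illustration only; role names are plain strings.
@dataclass
class Person:
    id: str
    roles: set = field(default_factory=set)
    managed_by: Optional[str] = None  # RA role of the enrolling trust center, if any

@dataclass
class ServiceRequest:
    id: str
    originator: str
    recipient: str
    assigned_role: Optional[str] = None
    state_changers: set = field(default_factory=set)  # persons who changed its state

@dataclass
class Subject:
    id: str
    public: bool = False
    manager_role: Optional[str] = None  # role that manages this subject

def can_read_request(p, sr):
    """Service request rules 1-4; anything not matched is denied (need to know)."""
    return (p.id in (sr.originator, sr.recipient)  # rule 1: own request
            or "auditor" in p.roles                 # rule 2: auditor sees all
            or sr.assigned_role in p.roles          # rule 3: assigned to a role I hold
            or p.id in sr.state_changers)           # rule 4: I changed its state

def can_read_subject(p, s):
    """Subject rules 1-5."""
    return (s.id == p.id                            # rule 1: myself
            or s.public                             # rule 2: public entity
            or "auditor" in p.roles                 # rule 3: auditor
            or s.manager_role in p.roles            # rule 4: I hold the managing role
            or (s.manager_role is not None
                and s.manager_role == p.managed_by))  # rule 5: same managing role

def can_read_certificate(p, sr):
    """Certificate visibility follows its request; without one it is auditor-only."""
    return can_read_request(p, sr) if sr is not None else "auditor" in p.roles

def can_read_holder(p, s):
    """Holder visibility follows the associated subject."""
    return can_read_subject(p, s)
```

Note that a subject with no managing role and a self-enrolled person never match under rule 5, so two unmanaged persons cannot see each other.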