You are looking for terms and explanations that are very ambiguous and 
overloaded currently. 
What you need to do is find software that fits your security model needs.  
Apache Shiro with its permissions concept seems to do what you desire. 

What I suggest is for you to get a good understanding of how Shiro's permissions 
concept works, use it in a prototype to determine if this is really what fits 
your need, and go from there. 

> On May 22, 2016, at 10:58 PM, Sigmund Lee <[email protected]> wrote:
> 
> Interesting, I found another Apache incubating project called OpenAZ that 
> aimed to supply tools and libs for ABAC (Attribute-based Access Control) 
> development:
> 
> https://wiki.apache.org/incubator/OpenAZProposal
> 
> Can I ask why another access control project under Apache?
> Can anyone here please help me with how I can implement an attribute-based access 
> control? Does Shiro have natural support for ABAC, or should I use another open source 
> project like OpenAZ (still incubating though)?
> 
>> On Sat, May 21, 2016 at 2:29 PM, Sigmund Lee <[email protected]> wrote:
>> We need an externalized access control system since the authorization we 
>> currently implemented is hard-coded everywhere and was so hard to maintain. 
>> So I googled and found an interesting article on the Shiro official site:
>> 
>> http://shiro.apache.org/2011/05/24/the-new-rbac-resource-based-access-control.html
>> 
>> About models of Access Control, there are many:
>> https://en.wikipedia.org/wiki/Access_control#Access_control_models
>> 
>> But Resource-Based Access Control is not on the list, and I can't find any 
>> page on the web about this model except the above link. 
>> 
>> So my question is, is this Resource-Based Access Control similar or 
>> identical to ABAC (Attribute-based access control)? Can I adopt Shiro as our 
>> Access Control solution based on attributes of Subject/user, resource (aware 
>> of this, that's why role-based access control is inappropriate) and 
>> environment/context?
> 
