I'm working on role-based security implementation in LDAP and Java. Specifically, I have the following objects that I need to represent in LDAP:
One more option: check out attribute-based access control (ABAC). ABAC is an evolution of RBAC. It uses attributes (which are labels about the user, the resource, the context) and policies to determine what is allowed and what isn't.
Example: A user with the role==manager in the department==sales can do the action==edit on a document of type==purchase order if the PO's amount<=the user's approval limit.
You can read more on ABAC at the NIST website.
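A minimal policy decision point in Java for the purchase-order rule in the answer above, added here as an illustration (it is not code from the answer or from any ABAC product); the attribute names (`role`, `department`, `approvalLimit`, `type`, `amount`) and the sample values are assumed, and in a real deployment the subject attributes would be read from the user's LDAP entry.

```java
import java.math.BigDecimal;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;

// Illustrative ABAC evaluator (requires Java 16+ for records and pattern matching).
public class AbacDemo {

    /** Everything a policy needs: subject attributes, the action, resource attributes. */
    record Request(Map<String, Object> subject, String action, Map<String, Object> resource) {}

    /** A policy is a named predicate over the request; the PDP permits if any policy matches. */
    record Policy(String name, Predicate<Request> rule) {}

    // The rule from the answer: manager in sales may edit a purchase order
    // whose amount is at most the user's approval limit.
    static final Policy EDIT_PURCHASE_ORDER = new Policy(
        "sales managers may edit purchase orders up to their approval limit",
        r -> "edit".equals(r.action())
          && "manager".equals(r.subject().get("role"))
          && "sales".equals(r.subject().get("department"))
          && "purchase order".equals(r.resource().get("type"))
          // Compare as BigDecimal so a missing or non-numeric amount/limit fails closed.
          && r.resource().get("amount") instanceof BigDecimal amount
          && r.subject().get("approvalLimit") instanceof BigDecimal limit
          && amount.compareTo(limit) <= 0);

    /** Policy Decision Point: deny by default, permit only when some policy explicitly allows. */
    static boolean isPermitted(Request request, List<Policy> policies) {
        return policies.stream().anyMatch(p -> p.rule().test(request));
    }

    public static void main(String[] args) {
        // Constructed sample attributes; in practice these come from LDAP and the document store.
        var manager = Map.<String, Object>of("role", "manager", "department", "sales",
                                             "approvalLimit", new BigDecimal("10000"));
        var smallPo = Map.<String, Object>of("type", "purchase order", "amount", new BigDecimal("2500"));
        var bigPo   = Map.<String, Object>of("type", "purchase order", "amount", new BigDecimal("25000"));
        var policies = List.of(EDIT_PURCHASE_ORDER);

        System.out.println("edit within limit: "
            + isPermitted(new Request(manager, "edit", smallPo), policies));
        System.out.println("edit over limit:   "
            + isPermitted(new Request(manager, "edit", bigPo), policies));
        System.out.println("delete (no policy):"
            + isPermitted(new Request(manager, "delete", smallPo), policies));
    }
}
```

Because the decision is deny-by-default and every comparison is type-checked, a request with an unexpected attribute shape is refused rather than accidentally permitted.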