1. Field of the Invention
The present invention relates to the concurrent display of multiple, heterogeneous application components and more particularly to access control among multiple, heterogeneous application components.
2. Description of the Related Art
Access control relates to the moderation and limitation of access rights to resources in a computing system. Resources can range from documents to application logic and access rights can range from read-only access to full read, write and execute access. Oftentimes, access control can vary from user to user depending upon the trustworthiness of the user. Those having a higher level of trust are granted access permissions associated with a high degree of access, while those having a lower level of trust are granted only an amount of access permission required to achieve a specific objective. In this way, the exposure of the security and integrity of the underlying resources can be minimized.
Access control for an application having only a limited number of users can be relatively manageable. For each individual user, a requisite level of access can be determined subjectively, and corresponding access rights can be assigned to the user. For an application which involves a vast number of often unpredictable individual users, access control can be unmanageable. Where the requisite access rights change for individual users in the latter scenario, access control can be a disastrous proposition! In consequence, the notion of role-based access control evolved.
Role-based access control relates to the assignment of access rights not to an individual user, but to a role fulfilled by one or more individual users. Specifically, it can be more readily determined what level of access rights is to be afforded to a user who fulfills a particular role in an application, such as an administrator, guest, manager, executive and the like. In the concept of workflow, roles can be extended to the type of user responsible for a portion of a business process. In this way, though the identity and roles assumed by any one user can be fluid in nature, the access rights afforded to a user assigned to a specific role can remain relatively static. Consequently, the management of access rights, even for a vast number of users, can be dramatically simplified.
Identifying roles for a particular application can be a simple task so long as the number of roles is limited in nature. The complexity of managing different roles can increase, however, where multiple, different applications are involved. In the past, the singular management of multiple, disparate applications rarely had been an issue. More recently, the popularization of portal and application server technologies has given rise to a new breed of disparate application collections. In a heterogeneous collection of applications, however, similar roles can have disparate identifiers such that one can easily mistake two identical roles of different names as two different roles, or two different roles of identical names in different applications as the same role. Accordingly, the same problems akin to the granular management of access rights for individual users can be present in the heterogeneous application scenario.
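The two kinds of role confusion described above can be surfaced by auditing role definitions across applications. The following is an added example, not part of the original text: the application names, role names and access rights are constructed, and treating two roles as "identical" when they grant exactly the same set of rights is an assumption made for illustration.

```python
from collections import defaultdict

# Constructed sample data: per-application role definitions, each role mapped
# to the access rights it grants. All names here are hypothetical.
ROLE_DEFS = {
    "portal":  {"administrator": {"read", "write", "execute"},
                "guest": {"read"}},
    "payroll": {"admin": {"read", "write", "execute"},
                "manager": {"read", "write"}},
    "wiki":    {"manager": {"read", "write", "delete"},
                "guest": {"read"}},
}

def audit_roles(role_defs):
    """Return (aliases, collisions) found across applications.

    aliases:    differently named roles in different applications that grant
                identical rights (identical roles mistaken for different ones).
    collisions: one role name reused across applications with different
                rights (different roles mistaken for the same one).
    """
    by_rights = defaultdict(set)  # frozenset(rights) -> {(app, role)}
    by_name = defaultdict(dict)   # role name -> {app: frozenset(rights)}
    for app, roles in role_defs.items():
        for role, rights in roles.items():
            key = frozenset(rights)
            by_rights[key].add((app, role))
            by_name[role][app] = key

    aliases = []
    for rights, members in by_rights.items():
        names = {role for _, role in members}
        apps = {app for app, _ in members}
        if len(names) > 1 and len(apps) > 1:
            aliases.append((sorted(rights), sorted(members)))

    collisions = {}
    for role, per_app in by_name.items():
        if len(set(per_app.values())) > 1:
            collisions[role] = {app: sorted(r) for app, r in per_app.items()}
    return aliases, collisions

if __name__ == "__main__":
    found_aliases, found_collisions = audit_roles(ROLE_DEFS)
    print("aliases:", found_aliases)
    print("collisions:", found_collisions)
```

With the sample data, "administrator" in the portal and "admin" in payroll are reported as aliases, while "manager" is reported as a collision because it grants different rights in payroll and the wiki.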