Project Description
Securing large number of hierarchically organized objects is not a trivial task. This library contains a C# implementation of Access Control Entry (ACE) based security.

The idea of Access Control Entries is as old as it is simple: an operation (verb) maybe executed by a subject on a resource (securable) only if a tern S-V-S (Securable-Verb-Subject) exists and it evaluated to true (allow). In every other case the access is denied.

Resources to be guarded may have a container-containable relationship. NSecurity supports security inheritance, that is, if no security is defined on resource's level, it inherits security definition on a parental level. If no ACEs are defined on a parental level then grand-parental level is examined, and so on.

A subject (which is usually a user) may belong to a group (role). Roles themselves are subjects. If all, the subject and its roles allow access to the object, the operation is allowed. In every other case NSecurity denies access.

This security works much like Windows NT Resource Security Model.

Last edited Mar 13, 2013 at 1:34 PM by ac2008, version 10