Project Description
Securing large number of hierarchically organized objects is not a trivial task. This library contains a C# implementation of Access Control Entry (ACE) based security.
The idea of Access Control Entries is as
old as it is simple: an operation (verb) maybe executed by a subject on a resource (securable) only if a tern S-V-S (Securable-Verb-Subject) exists and it evaluated to true (allow). In every other case the access
is denied.
Resources to be guarded may have a container-containable relationship. NSecurity supports security inheritance, that is, if no security is defined on resource's level, it inherits security definition on a parental level. If no ACEs are defined on a parental
level then grand-parental level is examined, and so on.
A subject (which is usually a user) may belong to a group (role). Roles themselves are subjects. If all, the subject and its roles allow access to the object, the operation is allowed. In every other case NSecurity denies access.
This security works much like
Windows NT Resource Security Model.