﻿<?xml version="1.0" encoding="utf-8"?><rss version="2.0"><channel><title>Ayende @ Rahien</title><link>http://ayende.com</link><description>Ayende @ Rahien</description><copyright>Copyright (C) Ayende Rahien  2004 - 2021 (c) 2026</copyright><ttl>60</ttl><item><title>Ayende Rahien commented on Security Models: On Behalf Of</title><description>Take a look at how Lucene works; by default, it will lose the actual value and hold only the search vector
</description><link>http://ayende.com/4618/security-models-on-behalf-of#comment8</link><guid>http://ayende.com/4618/security-models-on-behalf-of#comment8</guid><pubDate>Wed, 15 Sep 2010 13:48:24 GMT</pubDate></item><item><title>Farooq commented on Security Models: On Behalf Of</title><description>Dear Ayende, 
  
  
Losing indexing is alright in this case to fulfill the requirement. Can you please elaborate on the solution involving Lucene?
  
Regards,
</description><link>http://ayende.com/4618/security-models-on-behalf-of#comment7</link><guid>http://ayende.com/4618/security-models-on-behalf-of#comment7</guid><pubDate>Wed, 15 Sep 2010 13:45:15 GMT</pubDate></item><item><title>Ayende Rahien commented on Security Models: On Behalf Of</title><description>Farooq,
  
You can't, really.
  
There are solutions that you can use, but there has to be something that can see all the data.
  
And say goodbye to indexing as well.
  
What you probably want to do is to push it to an external lossy index (say, Lucene with Store=No). This can give you what you want there.
</description><link>http://ayende.com/4618/security-models-on-behalf-of#comment6</link><guid>http://ayende.com/4618/security-models-on-behalf-of#comment6</guid><pubDate>Wed, 15 Sep 2010 10:48:21 GMT</pubDate></item><item><title>Farooq commented on Security Models: On Behalf Of</title><description>I am looking at how Rhino Security, or another way of data security, can best handle the following scenario.
  
  
I have a table "Employees" and, along with other columns, there is a string column "Referred By". The requirement is to keep this column's data encrypted or encoded so that even the PostgreSQL DBA can't see the column's data. From the UI perspective, the requirement is that as the user types characters in the 'Referred By' text box, a LIKE search with the entered characters will be performed, just like Firefox's quick search functionality, e.g. if 'Andr' is entered then all records with Andr% need to be fetched and shown. Just to remind, this column's data needs to be either encrypted or encoded, or there needs to be some way of DB plus NHibernate security to prevent the contents of this column from being seen by the PostgreSQL DBA.
  
How can this situation be managed?
</description><link>http://ayende.com/4618/security-models-on-behalf-of#comment5</link><guid>http://ayende.com/4618/security-models-on-behalf-of#comment5</guid><pubDate>Wed, 15 Sep 2010 10:19:07 GMT</pubDate></item><item><title>Travis Illig commented on Security Models: On Behalf Of</title><description>WS-Trust has ActAs and OnBehalfOf built in. Granted, it's not the slimmest protocol, but it is "standardized" and a lot of security professionals understand it. Even if you don't use it directly, you could explain your own system in terms of that and the "sale" of the feature might be easier.
</description><link>http://ayende.com/4618/security-models-on-behalf-of#comment4</link><guid>http://ayende.com/4618/security-models-on-behalf-of#comment4</guid><pubDate>Tue, 07 Sep 2010 14:35:46 GMT</pubDate></item><item><title>Ayende Rahien commented on Security Models: On Behalf Of</title><description>Robert,
  
No, RS is for making security decisions. Your app needs to provide the user instance, and you can certainly provide a different user than the logged on one.
</description><link>http://ayende.com/4618/security-models-on-behalf-of#comment3</link><guid>http://ayende.com/4618/security-models-on-behalf-of#comment3</guid><pubDate>Mon, 06 Sep 2010 07:25:40 GMT</pubDate></item><item><title>scooletz commented on Security Models: On Behalf Of</title><description>The 'On behalf of' feature was one of the core components I introduced in my authorization project. The difference between 'on behalf of' and the standard user was captured in 'active user' and 'logged in user'. The majority of authorizations were set on the basis of 'active user'. There was also a subset of crucial allowances which were based on the 'logged in user'; hence, logging in as another user did not allow you to use these rights.
</description><link>http://ayende.com/4618/security-models-on-behalf-of#comment2</link><guid>http://ayende.com/4618/security-models-on-behalf-of#comment2</guid><pubDate>Mon, 06 Sep 2010 07:21:59 GMT</pubDate></item><item><title>Robert M. commented on Security Models: On Behalf Of</title><description>I would really like to see a practical post about impersonation and audit logging for users acting on behalf of others. 
  
  
Does Rhino Security embed this kind of functionality?
  
</description><link>http://ayende.com/4618/security-models-on-behalf-of#comment1</link><guid>http://ayende.com/4618/security-models-on-behalf-of#comment1</guid><pubDate>Sun, 05 Sep 2010 09:45:25 GMT</pubDate></item></channel></rss>