Security
Diffusion® works on a RBAC - Role Based Access Control system or role-based security. This topic provides a basic understanding about Diffusion®'s security structure, focusing on:
Key terms
Role-based security
A system where access is not granted to individual users, but only to roles. Users are assigned to roles. A user who is assigned to a role will have access to the set of permissions that are associated with that role.
Principal
This is the name of the user or the program which is trying to connect to Diffusion®.
It is basically your Diffusion® user name.
Session
When a client connects to Diffusion®, the instance of the connection is called a session. Although a session can continue/resume when a connection is lost and resumed when reconnected.
Credentials
This is your Diffusion® password.
It could be in the form of a password, or any other information used to authenticate the user, such as a cryptographic key or an image.
Authentication
The information needed to authorise a session to access Diffusion®.
This is a combination of your Principal and Credentials.
Roles
A role is a set of permissions which allows you to perform actions within Diffusion®.
Permissions
Permissions determine the actions a session can perform.
Permissions are contained within roles.