Security

Diffusion® uses role-based access control (RBAC), also called role-based security. This topic provides a basic understanding of Diffusion®'s security structure, focusing on:

Key terms

Role-based security

A system where access is not granted to individual users, but only to roles. Users are assigned to roles. A user who is assigned to a role will have access to the set of permissions that are associated with that role.

Principal

This is the name of the user or program that is trying to connect to Diffusion®.
It is essentially your Diffusion® user name.

Session

When a client connects to Diffusion®, the instance of the connection is called a session. A session can, however, continue when a connection is lost and be resumed when the client reconnects.

Credentials

This is your Diffusion® password.
Credentials could take the form of a password, or any other information used to authenticate the user, such as a cryptographic key or an image.

Authentication

The information needed to authorise a session to access Diffusion®.
This is a combination of your Principal and Credentials.

Roles

A role is a set of permissions which allows you to perform actions within Diffusion®.

Permissions

Permissions determine the actions a session can perform.
Permissions are contained within roles.