A Model for Access Control Management in Distributed Networks

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "A Model for Access Control Management in Distributed Networks"

Transcription

1 A Model for Access Control Management in Distributed Networks Master of Science Thesis Azadeh Bararsani Supervisor/Examiner: Dr. Johan Montelius Royal Institute of Technology (KTH), Stockholm, Sweden, 2006

2

3 Abstract Nature of the networks has migrated from pure client-server nature to distributed networks in which many machines share their resources and functionalities with others. As the resources become distributed in the network, providing security in such systems becomes a challenging problem. What makes the problem interesting is that we would like to provide security for a system that is dynamic and does not have any centralization in its nature. The main challenge about management in such systems is that whether the management of the resources should be distributed or centralized. There have been many efforts to address this problem and there are several solutions available, each of which answers special needs and fits for a specific system. However when it comes to resource providers contribution in managing access to their resources there exists some cases that the current models do not cover very well. As an evolution on this way, we propose a solution that let the providers contribute in managing access to their resources. Though the access management would be distributed in the network, but still there will be the possibility to have an overall view about permissions and resource allocations.

4 Dedicated To My Loving Parents

5

6 Acknowledgement I would like to thank my supervisor and examiner Dr. Johan Montelius, for being such a nice and supportive teacher and friend to me. Despite all my fluctuations through my work, he guided me patiently all the time.

7

8 Table of Contents 1 Introduction 1.1 Motivation Problem Definition Thesis Outline Background 2.1 Peer-to-Peer Networks Authentication Authorization Access Control List (ACL) Role Based Access Control Access Control Policies Policies vs. Security Mechanisms Access Control in Distributed Networks 3.1 Distributed Networks and Access Control Distribution of Policies Centralization of Policies Criteria for Choosing a Proper System Some Current Models Which model to use? The suggested model in this thesis Access Control Standard 4.1 extensible Access Control Markup Language XACML Advantages XACML Framework More on PDP XACML Policies Policy and PolicySet Combining Algorithms Deny-overrides Combining Algorithm Ordered-deny-overrides Combining Algorithm Some Open issues of XACML Fitting in the Desired Model into the Standard i

9 5 Proposed Solution 5.1 Problem Review Distribution of Access Management in XACML More on Distribution of Policies Evaluation of Policies Distribution of Policies and Central Evaluation Multiple Policies for a Resource Combining Policies Administration and Supervision Results and Future Work 6.1 Results Achieved Failures Future Work References Appendix A A.1 Policy Target A.2 Policy Rule ii

10 iii

11 Chapter 1 Introduction 1.1 Motivation As the number of resources 1 grows in the networks, nature of the networks is changing from centralization to distribution of the resources and services. Several computers on the networks may share their resources and form peep-to-peer distributed networks. While we benefit from the various resources availability in the network, managing secure access to those resources becomes a challenging problem. There are many security aspects to be considered when one node in the network asks for accessing another node s resource. Apart from confidentiality and data integrity, it is important to know about the identity of the requester. This is the process of authentication that makes sure that the requester is actually the one who he or she claims to be. A common example for authentication is the usual login mechanism that asks the users for their identity by providing a user name and password. Apart from authenticating the requester it is important to know about whether he or she is allowed to access the requested resources or not, and if allowed what type of access is permissible for him or her. This process, which is called authorization, is necessary to be done after authentication, because then the system knows about the identity of the requester. Therefore it can, based on the defined restrictions for 1 A resource could be anything to which access may need to be controlled, such as a file, an application, a printer, a special service, etc. 1

12 accessing each resource the system, make a decision about whether to grant access to the requester or not. Regarding users authorization, each system and network can define and use its own access control mechanism. However, this makes systems collaboration very hard, specially in the case of distributed networks where nodes from different networks may connect to each other. Therefore using a common standard for managing access control would be a solution to handle communication between different access control systems [14]. In order to address this issue, OASIS 1 has defined extensible Access Control Markup Language (XACML). XACML provides an access control policy language that is for defining restrictions for accessing each resource together with a request and response language. It also provides a framework which uses the policy language. 1.2 Problem Definition Authorization is based on the considerations and restrictions that are defined in each system for resource usages. In non-distributed systems it is natural to consider that point to be the central resource providers. So each user who wants to access a resource queries that central point. Based on the considered restrictions, the central resource provider would decide whether to grant access or not. In distributed networks the resources are not all located on central points, but rather they may belong to different distributed nodes. There is no central point in the nature of the network structure. Though it is possible to consider such a point for controlling the resource assignments, and some models do it [4, 11], it may not always be desired. The reason could simply be that the distributed resource providers may also want to play a role in managing access to their resources. They 1 OASIS (Organization for the Advancement of Structured Information Standards) is a notfor-profit, global consortium that drives the development, convergence, and adoption of security and e-business standards, 2

13 may have their own local restrictions to be considered that the central administration might not be aware of. Moreover the resource providers can reduce the burden of handling the policy management from the central administration. On the other hand, leaving the whole responsibility to the resource providers [3], is not always desired either. There are some cases where the central administration may want to contribute in access management. Or if they do not contribute, they may need to have an overall view about permissions and resource assignments in the system. But if the resource principals manage access to their resources by their own, without any contact with the systems administration, it would be impossible for the administration to have a true view about the resource assignments in the network. The question is how to let the resource providers contribute in managing access to their resources. This thesis provides a model that considers the providers restrictions about accessing their resources, but it does not leave the whole management to them. The central administration, too, can have its own restrictions. This results in a combination of distributed and central management. As a second goal it investigates how to change the model that it prioritizes the local providers decision over that of the administrator. The proposed model uses XACML standard as an access control framework. 1.3 Thesis Outline Chapter 2 describes the technical background of the thesis work. After a brief introduction to distributed networks, it explains about some security issues and then focuses on authorization and different ways of doing it. Chapter 3 talks about access control in distributed networks, reviews some existing models and mentions each one s pros and cons. At the end it points to the suggested model that this thesis work suggests. Chapter 4 introduces the XACML standard and how is handles access control. It points out open issues of this standard that will be later used for the suggested model. Chapter 5 reviews the problem and proposes a solution and 3

14 explains how it covers the required characteristics. Chapter 6 talks about the results of this work and suggests some future works. 4

15 Chapter 2 Background 2.1 Peer-to-Peer Networks Peer-to-peer networks, as the name implies, are networks that all the peers (machines) play the same role. Peer-to-peer networks are different from the clientserver networks where the communication is to and from a central server. In peer-topeer systems, resources are distributed in the network. In many such networks, nodes communicate with each other without interference of any central server, i.e. each node is both client and server to the other nodes. Whenever a node is sharing its resources with other nodes it acts as a server, while later when that same node is using another node s resource it acts as a client. Peer-to-peer networks may consist of nodes from widely heterogeneous systems. Although peer-to-peer networks are mostly known as file-sharing networks, the resources that each peer may share could be either its storage (files) or computation (CPU). The latter is also called grid networks. In this thesis the main focus would be on file-sharing networks, though they share a lot in the concept. Any machine that receives a request for accessing its resource needs to make sure whether it should share its resource with the requester or not. Such assurance is addressed by some security mechanisms in the networks. The resource owner needs both to authenticate the requester and authorize him or her; meaning that it needs to 5

16 make sure if the requester is the one who he or she claims to be (authentication), and also it needs to make sure if the requester has the right to have access to that resource or not (authorization). 2.2 Authentication Authentication is the process of identifying an individual and making sure that an entity is actually the one that he or she claims to be. Authentication does not say any thing about whether the authenticated identity has the right to access a resource or not. Regarding authentication, there are quite a few security mechanisms that give the possibility to authenticate users who want to access resources of the network. Depending on the sensitivity of the data, different methods could be used to provide the level of protection that is needed. 2.3 Authorization Authentication alone could not be enough for granting access to the resources. The fact that you are you does not mean that you have the right to access any resource that you ask for. However you need to be authorized too. Authorization is the process of determining whether an identity has the right to access a resource or not, and based on that, whether the access should be granted or not. Determining about the access rights could be based on several aspects. It could be based on things like identity of the requester or whether the requester has enough qualifications. Moreover, Access control could be based on some environmental aspects like time of requesting, the domain or the IP address of the machine from which the request is coming from, etc. Some systems differentiate between these two types, calling the first type as authorization and the second as access control. However, this context does not separate them. It refers to either authorization or access control as permission i.e. whether one is allowed to be granted access to a resource or not, be it correlated with the identity, or some environmental conditions. 6

17 Authorization, or access control, is the process of determining whether permission should be granted to an entity to use a resource or not. There are some authorization methods available in order to determine if an entity holds a right for a type of access Access Control List (ACL) Access Control List (ACL) is a traditional method for authorization. ACL provides a list of entities along with the resources that they can use, and type of access that they can have to those resources. The list is provided based on the identity of the requester or the process that is making the request. ACLs could be implemented either on a separate central server that others would query it, or it could be implemented on each resource. However, each case has its own problems. Having the list on a separate server is good in the sense that if there are any changes regarding some authorized entities or resource usages, it has to be applied to one place only. For example if a new user joins the network, it is just the central ACL who needs to update its list regarding which resources the new user is authorized to access and what type of access he or she has. Then whenever each resource gets a request from any user it only have to query the central ACL to know whether it should grant access to that resource or not. However, this means that the server is like a bottleneck for keeping the list updated. On the other hand, each resource can have an ACL of its own. This way, in case of any changes in the network, keeping the ACLs updated would be a trouble. Updating messages makes a burden on the network traffic. In addition, having delay in updates may lead to unwanted grants. Using ACLs, whether implementing them centrally or distributed, is not known an efficient solution any more. The reason is that ACL does not cover all the restrictions one may want to apply for accessing a resource. It might be desirable to grant access to entities based on some attributes that they hold, or some other environmental restrictions. For example a resource provider may want to permit 7

18 access to its resource based on time of the request. ACL, as the name implies, consists of list of authorized entities and the resources that they are allowed to access. It grants permission or denies the requests based on the identity of the requester. In other words, it gets user s identity together with the resource being asked and checks it against the list that it possesses, and says whether the access should be granted or not Role Based Access Control Role Based Access Control or RBAC in short, is another approach in access control [2]. In RBAC, users are assigned to different roles, and each role is assigned to some privileges. So the access decisions would be based on the role that each user has. For example, if an RBAC system is used in a hospital, a user that is known as a doctor would have all the privileges that are define for the role of doctor. In RBAC, each user might be assigned to one or more roles, and each role is assigned to one or more privileges Access Control Policies A policy is a set of rules that is considered for accessing a resource. Whenever a request comes for accessing a resource, the corresponding policy for that resource would be checked. A policy has one or some conditions and based on meeting the conditions it decides about whether to grant permission to the requester for accessing a resource or not. Most access control models have some entities: Subject that could be a user or process, Right that could be reading a file or editing it, and Object that is actually the resource, e.g. a file or service. So a policy is about all these entities, plus that it can filters the subjects by some Conditions. Therefore, a policy could be such a combination: Allow subject S to have the right R on the object O under the Condition C. 8

19 Note that policies are related to resources not the requesters. So whenever a requester wants to access a resource, the corresponding policy for that resource is checked before granting access, but not the reverse. Policies could be based on different attributes, i.e. if the requester qualifies some attributes the permission would be granted. This is a more general approach than relying on user s identity (as in ACLs). Moreover attributes could be based on environmental features, e.g. the IP address of the machine that the request is coming from or time of the day that the request is made. In other words, policies select legal requests based on its condition. Therefore, in this thesis work, policies are chosen as a more general way of access control. 2.4 Policies vs. Security Mechanisms A security policy, as we just went through, defines the legal actions for authorized users. However, a security mechanism is the procedure, method or tools that those policies could be enforced. For example, think of a user who is trying to access a specific service on the network. And let s suppose that the requested service has a policy for accessing it. The security mechanism will activate a pop up window on the user s screen for authenticating and authorization of him or her. Therefore, it is the security mechanism that is responsible for performing the authentication and authorization process and then will lead him or her to access that resource if allowed. Access control actually consists of both policies and security mechanisms. In this thesis, the focus is on managing policies for accessing a resource. It does not investigate how the user is actually granted access to the resource, but rather it is about figuring out if the permission should be granted for accessing the resource or not. 9

20 Chapter 3 Access Control in Distributed Networks 3.1 Distributed Networks and Access Control Managing access control in distributed networks is a tough problem, since there is no centralization in the nature of the network. In distributed environments, many nodes may share their resources, and many of those resources might need to consider restrictions for accessing them. So here comes the question of who should take care of the policies and set them up? Should each resource have its own local policy, or should there be a central administration? Where to locate them? And how should we keep them up-to-date? There might be more than one principal regarding one same resource, each of which may want to set its own policy and consideration for that resource. This is especially true in distributed networks. For example owner of a mainframe may want to restrict the run time that each user can have, and the author of a program may like only special users have the possibility to run her code. Therefore, running that specific code on that mainframe needs satisfying two different policies. How to sum up different policies for one same resource is sometimes a challenging problem. In the above example the decision should be made by both policies together, i.e. users allowed by the program s author can run the code on the mainframe on the specific 10

21 time allocated to them. However, there might be some conflicts among the existing policies of a resource. Then it is necessary to decide which policies have priority over the others. Moreover, the policies are better to be set by an entity in the network that knows enough about resources, their restrictions, special resource sensitivities, and also about existing entities, etc., so that it can set up policies appropriately. Therefore, here comes the question of who should take the responsibility of access control policies. There are two main strategies regarding access control. One strategy is to let each resource provider manage access to its resource by itself, or in other words having distribution of policies. The other one is to have a centralized policy system. One can also think of combining these strategies and defining some kind of cooperation. The requirements enforced by the networks make each one be the right choice for different cases. 3.2 Distribution of Policies Resource owners may be reluctant to share their resources if they cannot have any control over their resources. The reason could be that a resource owner does not completely trust the central administration, and it wants to decide about the access to its resources by its own. In addition, resource providers may want to play a role in controlling their resources, not because they do not trust the administrator, but because there might be some immediate local considerations that only the resource owner is aware of, and it should influence the policies considered for accessing that resource. Instead of following the process of informing the central administrator about the new considerations, we can think of giving the resource providers the possibility to define some policies locally. 11

22 3.3 Centralization of Policies Since there might be several principals for one same resource, it is natural to consider policies distribution. However, if there is more than a single policy for accessing a resource, we need to have some kind of centralization for considering all of those policies together and coming up to one result. Also there might be some conflicts among those policies. Applying an algorithm for coming up to a final result would not be possible unless all those policies are evaluated in one point. As an advantage of centralized policy management it should be mentioned that it provides the possibility for the centralized administration to have a global view about available resources and entities of the system. Moreover, it knows about what kind of access permissions each entity holds regarding the resources. In addition, a centralized model can better keep the authentication and authorization information updated. Therefore, it seems that a centralized management can handle setting up policies better than the distributed management model. 3.4 The Criteria for Choosing a Proper Strategy Either to implement distributed or centralized management of access control depends on the characteristics of the specific network and application. There are several considerations that lead a system to define its desired access management model. Among others, these are some factors that are of importance when deciding about which strategy to choose: 1. The resource providers may want to play a role in managing access to their resources. 2. There might be more than one principal regarding some resources, each of which may want to contribute in managing access to that resource. 3. It may happen that the system s administrator also wants to have a role in controlling access to the resources. 12

23 4. It might be desired to have an overall view about the resource allocations in the network. 5. One other point is that neither the resource providers nor the system administrator may want to leave the control completely to the other one. 6. It is desired that the system needs the least possible changes in its configuration when a new user joins the network. 3.5 Some Current Models There are several systems defined that use either centralization or distribution or the combination of both for managing access control. Each model fulfills some of the defined criteria. 1. The Community Authorization Service [5, 15] solves the access management issue by distinguishing authorization and permission. In this model a resource owner creates permissions for accessing its resource, saying that for example the authorized users can access my resource. However this is the central administration who defines users authorization regarding access to the network resources. This prevents the administration to take the whole control of accessing resources, and also take the whole burden of access control from the provider. However, there is the risk that the local providers may misuse their role and imposing the administrator to obey it or the reverse. In order to prevent this and provide more balance, this model adds sanctions and rewards to the system. In brief, it is a centralized management model being controlled by distributed resource providers. 2. The Tivoli Policy Director [11] provides a centralized management model. Such a centralized model has an overall view of the network resources, and this means that it can set up appropriate privileges. In this model, there is no distribution in this solution, which means that the resource providers cannot contribute in managing access to their resources. 13

24 3. Automated Configuration of Grid Services [4] puts a step forward and defines two hierarchies of administration for setting up policies. It gives the lower hierarchy higher priority, so that it would override the other one in case of any conflict between the policy of two hierarchies. The reasoning behind this strategy is the belief that the more local administrator is more likely to know about the restrictions of the resources. However, even though the lower hierarchy is more local than the higher, both are administrators and the real resource providers play no role in managing access control for their resources. 4. Administrative Delegation in XACML [17, 18] explains a controlled policy model by using extensible Access Control Markup Language, which is an access control standard. It addresses administrative control over the resources. In this model, the privileges could be delegated to other entities too. This gives the possibility of defining different levels of administration, starting from the central administration down to the resource providers. However, all the work is under the supervision of the central administration; meaning that the resource owners could only contribute in access management if the central administration permits them for that. 5. GRUBER [8] is an architecture that is defined for resource usage service level agreement (SLA). It addresses the providers' contribution regarding resource usage policy (that is about restrictions of the resources). However, it does not address the resource access policy (that covers authorization of the requesters). 6. The Manager-Agent Delegation (MAD) is a framework that is defined for distributed management applications [11]. The purpose behind this work is again to avoid having a bottleneck for managing the resources. It reduces the central management burden by delegating it to other agents. In this framework, a process that delegates responsibilities to another process is referred to as a MAD manager. The process that receives the delegated responsibilities is referred to as a MAD agent. It enables a manager to transfer the responsibility for performing certain functions to a remote agent. It allows the agent to perform these functions independently of the 14

25 manager's execution, except were coordination is required. Even though this framework involves distribution of management, but it concerns about certain functions rather than the resources that the providers share. 7. After all, most of peer-to-peer file-sharing systems [3] consist of individual administered node. Such systems are completely self-organized, and there is no centralization as the configuration manager. Each resource owner would locally decide about whether to grant access to the coming requests or not. In such systems, it is not possible to have an overall view about resource allocation in the network. Another drawback of this model is that it does not address considering multiple principals for granting access. But it fits for the cases where the resources have only one principal and it wants to handle access permissions to its resource all by its own without any need for centralized control or vision. 3.6 Which model to use? Either to implement distributed or centralized management model for access control, or a combination of both depends on the characteristics of the specific network and the special functionality that is needed. Each of them has its own pros and cons that make it be a proper match for a specific system. Regarding the resource providers contribution, there exists some cases that the existing models do not cover properly. Some of them let the providers contribute after granting the permission by the central administration, which means that though they can play a role in access management, but their contribution is still dependant on the system s central administration. Some others leave the control completely to the providers, making it impossible for the administrator to have a correct picture of rights and resource usages in the systems. Some solutions work for the grid networks, but do not cover the file-sharing networks, and some others only care about resource usage policies and forget about resource access policies. 15

26 3.7 The Defined Model in this Thesis Resource providers may have their own criteria about accessing their resources. After all, the resource providers better know about local restrictions or they might not want to leave the whole control to the central administration. Therefore it is desired to consider their restrictions besides those of the administrator when making decision about access control. This thesis defines a model that gives the resource principals the possibility to define their own restrictions for accessing their resources, either resource usage policies or resource access policies. This could be together with the central administration s criteria as another principal of the resource. In case there are any conflict between the providers permissions and that of the administrator, it would be desirable to override the resource providers permission, since they better know about the local restrictions of the resource. Meanwhile the model gives the central administration the possibility to have an overall view about the resource allocations in the network, whether it participate in defining restrictions for access control or not. As an access control framework, this work uses the XACML standard. The reason why we chose a standard for access control is that it makes it possible to connect different systems together. Before putting the solution into the framework of the standard, we will have a short review on XACML in the coming chapter. 16

27 Chapter 4 Access Control Standard 4.1 extensible Access Control Markup Language extensible Access Control Markup Language or XACML in short, is an OASIS 1 standard that is designed for controlling access to connection of multiple networks. The XACML standard [8] defines both syntax and semantics of an access control language and a framework that the language works within. See Figure 4.1. Access Control Framework XACML Standard Policy Language Access Control Language Request/Response Language Figure 4.1 XACML Standard 1 OASIS (Organization for the Advancement of Structured Information Standards) is a notfor-profit, global consortium that drives the development, convergence, and adoption of security and e-business standards, 17

28 In order to consider restrictions about accessing resources, XACML defines policies. Policies are defined by the special policy language that is provided by the standard. Policy language gives the possibility to define rules for accessing the resources. A policy is simply in the form of who can do what on which resources. In addition, XACML defines another language that is a request-response language that is for expressing the request for accessing a specific resource and type of access, or for presenting the reply back to the requester. 4.2 XACML Advantages There are several advantages in using XACML as an access control framework [1]: It is a standard access control framework. Therefore it has been reviewed by a large community of many experts and users. Moreover, different systems using this standard can connect to each other without worrying about making any changes in their access control structure. XACML provides a generic access control language, which means it could be used for any kind of resource. In addition, it can cover any type of restriction, including authorization restrictions or environmental limitations. Once a policy is defined it can be used by any kind of application. This makes connection of systems very easy. It is a distributed framework; meaning that a policy can refer to other policies that might be in other locations. This gives the possibility to have different policies regarding one same resource managed by different entities. The standard also defines the way how to combine those policies together. It is a powerful standard. It supports a collection of data types, functions and rules. It also has extensions on integrating with other standards such as SAML [19] and LDAP [13]. 18

29 4.3 XACML Framework The typical XACML usage scenario is shown in Figure 4.2. The requesting entity sends a request to whatever is protecting the resource, e.g. a web server or file system. This point is called Policy Enforcement Point (PEP) in XACML standard. The PEP receives the requests and put them in the form of XACML request language. The reason why PEP form the request in the XACML request language is that PEP is in contact with Policy Decision Point (PDP), which understands the requests that are in XACML request language. Access Request (1) Granting Access (6) User PEP Policy Enforcement Point Resource XACML Request (2) XACML Response (5) PDP Policy Decision Point Request for Related Policies (3) Related Policies (4) PAP Policy Administration Point Figure 4.2 XACML Framework PDP, as its name implies, is the point where the decision is made about the coming request for accessing resources. It decides whether the requester should be granted the permission to access a resource or not. PDP makes the decisions based on the policy that is set for accessing that resource. PDP contacts Policy Administration Point (PAP) for getting the corresponding policy. There should be only one policy that applies to the request, otherwise it is an error. 19

30 PAP is actually where the security policies are defined. PAP may store policies in several repositories. However, as we will later talk more about it, the XACML specification [8] does not mention any restriction on location of the policies. Whenever PDP receives a request, it checks it with the corresponding policies and comes up to a decision about whether access should be granted to the requester or not. After making the decision it sends the reply back to the PEP. As the Figure 4.2 shows, PEP is actually on the way between the requester and the resource. Based on the decision, PEP would either grant access to the requester or deny it. It may happen that PEP, PDP and PEP are contained in a single point, or they might be distributed among several servers. Finally, after evaluation, the decision made for a request could be Permit, if the requested access is allowed for that entity, or it could be Deny if that entity is not allowed for having that type of access to the resource. In case where the PDP cannot find any Policy that matches the request, the result would be Indeterminate. After all, if the PDP cannot locate the Policy whose target matches the request, the result would be NotApplicable. 4.4 More on PDP What should not be misunderstood about the PDP is that it does not provide access to the resources, but rather it just makes the decision about which entities are permitted to access the resources. It makes the decision based on the policies that the resource principals have set up beforehand about accessing the resources. So when the PDP receives a request for accessing a resource 1, it checks the policy (policies) for accessing that resource. If it finds that the requester is not authorized to access that resource, it notifies the requester about it (see Figure 4.3). If the requester is known as authorized it passes the request to the resource. This means that no resource 1 Actually this is PEP that receives the requests, put them in the XACML request language and send them to the PDP. The assumption here is that PEP and PDP are combined together. 20

31 provider would receive an access request unless that request has passed through the PDP server. So the requester has the permission to access that resource. Then the resource provider would offer the requester the requested resource without interference of the server (see Figure 4.4). B A Request for Accessing B s Resource (1) You are not allowed to Access B s Resource (2) PDP Server Figure 4.3 A asks for accessing B s resource (1). Since A is not authorized to access B s resource, PDP server sends a negative response back to A (2). Offering the Resource (3) B Passing A s Request to B (2) A Request for Accessing B s Resource (1) PDP Server Figure 4.4 A asks for accessing B s resource (1). Since A is authorized to access B s resource, PDP passes the request to B (2), then B offers its resource to A (3). 21

32 4.5 XACML Policies A policy is a set of rules and actions together that restricts access to a resource. In other words, a policy defines which identities are allowed to access a resource, and what type of access they can have. It can also define some other environmental restrictions about the access. To have a better understanding about how a policy looks like we start with a simple example. Suppose that the sensitive resource that we want to protect is a book, and Alice wants to read that book. Then the policy associated to the book defines whether Alice can read it or not. In XACML, a policy for Permitting Alice to Read the Book can simply look like Figure 4.5. <Policy> <Target> <Subject>Alice</Subject> <Resource>Book</Resource> <Action>Read</Action> </Target> <Rule>Permit</Rule> </Policy> Figure 4.5 A Simple Schema of an XACML Policy In XACML, each access control policy consists of different elements. The main elements of each policy are target and rule (see Figure 4.6). Policy Target Rule Target Condition Figure 4.6 Components of an XACML policy 22

33 The policy target specifies what resources the policy is defined for. It is used for determining about which policy to use for a received request. In the above example, Alice s desire to read the book is the target. The policy rule may narrow down the conditions for which the policy could be used for and given that the stated conditions are met it defines whether the result is Permit or Deny. In the stated example, the rule does not have any condition and it Permits the access. More information about policy target and policy rule could be found in the Appendix A along with an example. 4.6 Policy and PolicySet There could be cases where it is needed to define more than one policy for a resource. For example a policy may restrict a resource usage by the requester s identity and another policy may put restrictions on the duration that the resource could be used. However, the PDP would apply only one policy to each request. Here is where the policyset comes in. A PolicySet is like a container that can include many other Policies or PolicySets inside, either explicitly or by reference to policies on remote locations (see Figure 4.7). Using a policyset, the PDP would apply only one policyset to the request. PolicySet PolicySet Policy Policy Policy Policy Figure 4.7 A policyset may consist of any number of policies or policysets 23

34 Since a PolicySet may contain multiple Policies or PolicySets, and each of them may result in different decisions, there needs to be a way for PDP to solve this confliction. This issue is addressed by using combining-algorithms. 4.7 Combining Algorithms As different policies may result in different decisions, it is needed to consider an algorithm for coming up to a final result. Combining algorithms are defined in XACML to address this issue. Combining Algorithms could be used either by a policy to apply it to its rules or by a policyset to use for its policies. In order for a combining algorithm to find a way to solve the confliction, it needs to prioritize some policies over the others. XACML standard [8] has defined six combining algorithms for combining policies, which are Deny-override, Ordereddeny-override, Permit-override, Ordered-permit-override, First-applicable, Only-oneapplicable. In addition to the existing algorithms one can also define an algorithm for special cases that is not addressed by the existing ones. We will review some combining algorithms that later on we will point to in this work Deny-overrides Combining Algorithm Deny-overrides is one of the combining algorithms that is defined in XACML. In this algorithm, the deny decision takes precedence over any other decision. In other words if any of the policies being evaluated result in deny, the evaluation of the policyset would be deny. If all the policies in a policyset evaluate to NotApplicable the evaluation of the whole policyset would be NotApplicable. If any error happens while evaluating the target of a policy, or if a policy reference could not be found or if the evaluation of the policy is Indeterminate the final result of the evaluation of the policyset would be deny. Table 4.1 shows the behavior of the Deny-override algorithm. 24

35 Table 4.1 The table shows the behavior of the Deny-override algorithm for combining two policies (X=anything, N/A=Not Applicable, Indet.=Indeterminate) Policy 1 Deny Permit Permit Permit Indet. Indet. N/A Policy 2 X Permit N/A Indet. N/A Indet. N/A Result Deny Permit Permit Deny Deny Deny N/A Ordered-deny-overrides Combining Algorithm The functionality of this algorithm is the same as Deny-override algorithm. The only difference is that in Ordered-deny-override policies would be evaluated based on the order that they come in the policyset. To difference between Deny-override and Ordered-deny-override algorithms is that Deny-override algorithm allows the PDP to optimize evaluation; meaning that it might have already obtained certain attributes that allows it to efficiently evaluate some policies, but not others. By evaluating those policies first, if it comes to any Deny result it does not need to evaluate other policies any more. Or regarding the policies that are included by reference in the policyset, the PDP may already have cached some of them, so it can evaluate them more efficiently than those it has not retrieved yet. Again, evaluating those cached policies may result in a Deny decision and it would not be needed any more to evaluate more policies. However, with Ordered-deny-override the evaluation will be done according to the order of the policies in the policyset, regardless of whether some of them could already be evaluated. 25

36 4.8 Some Open issues of XACML Regarding the location of policies, the XACML standard [8] says that XACML policy statements may be distributed in any one of a number of ways. But, XACML does not describe any normative way to do this. Therefore there is no special restriction about where the policies should locate. Members of the OASIS XACML language Technical Committee have suggested the use of Lightweight Directory Access Protocol (or LDAP in short) [10] for the distribution of XACML policies. So, after policies are set up by system s administrator, they could be distributed among some information directories. Though system s administrator, in most usages, is assumed to be centralized at PAP [12, 21], but the standard [8] does not make any restriction about whether the policies should be administrated centrally or in a distributed manner. 4.9 Fitting in the Desired Model into the Standard This work uses the openness of the XACML standard concerning the location of policies and policies administration and benefits these by defining a model that let the resource providers control access to their resources. This could be achieved by letting the resource providers define their own policies for accessing their resources. The administrator, too, may define its own policy for the resources. Finally the access management would be achieved by a cooperation of these two. 26

37 Chapter 5 Proposed Solution 5.1 Contribution of the Resource Principals in Access Management The model that is defined in this work lets the resource principals contribute in managing access to their resources. The principal of a resource is primarily the resource owner. The administrator might also be another principal of a resource. Therefore when we talk about contribution of the resource principals we mean having cooperation between the distributed resource owners and the central administration, in case the central administrator is another principal for the resource. 5.2 Distribution of Access Management in XACML The access management model that the XACML standard provides is controlled by policies. Therefore, in order to take the access management control in hand, one needs to set up policies and use them in the desired way. According to the specification [8], the Policy Administration Point (PAP) is the one that creates the policies. However, the standard does not mention anything specific about the identity of the administrator. In order for the resource providers to contribute in access management, it is essential to let them set up policies of their own. This way, just as the resources are distributed in the network, the policies would be as well. The administration may also have policies to be considered for accessing each resource. 27

38 5.3 More on Distribution of Policies The term Distribution of Policies as stated in the standard [8] points to the location of policies rather than distribution of the administration. In addition, distribution of policies to different locations is explained by using several databases [10, 13]. This is while the databases are administrated centrally by the PAP without any correlation to the resource providers. However, the idea here is to let the resource providers set up policies of their own. It also gives the resource providers the possibility to administrate their own local policies, and if necessary make some changes whenever needed. This does not mean that the central administration cannot set up any policy. Every resource may have different principals, each of which may want to have its own restrictions, and the central administration (here PAP) could be one of the resource principals. As an example we can think of a mainframe that shares its processor with different users programs. The administrator of the system may have his own restrictions about the duration of time that each user can use the processor. In addition, each user may have his own considerations about who should be able to run his code. In XACML the Policy Administration Point (PAP) provides policies for Policy Decision Point (PDP). So PAP should know about all the policies regarding the resources of the network. Regarding the policies that the PAP itself sets up, it obviously knows about their location. As for the policies that the resource principals want to consider, they should inform the PAP about them. Figure 5.1 illustrates this issue. This way, when there is a request for a resource, the PAP can find the related policies for that resource and pass them to the PDP for making decision about the request. 28

39 Policy Policy Policy Policy Administration Point (PAP) Policy Policy Policy Figure 5.1 The resource providers should inform PAP about their policies. It should be noted that in this scenario, a node in the distributed network could either act as resource provider that sets up a policy for accessing its resource, or it could be requesting another node s resource. 5.4 Evaluation of Policies So far we provided the resource principals the possibility to set up their own policies. Although this helps the local providers consider their own restrictions, but still policies should be considered centrally for coming up to a final decision. To clarify why centralization is needed for evaluation, consider the case where there is a request for accessing a resource that has more than one principal; one is the administrator and others are distributed providers. Each principal may have some restrictions in form of policies. And it is necessary to consider all those policies. If there is no central point that knows about all those policies, a request has to traverse to each and every point that has a policy for the requested resource and checks its decision. It means that the requester has to have a way to know about all the principals of a resource. 29

40 This could be possible either if each requester has such a knowledge itself, which is almost impossible and inefficient in big networks, or if a central point specifies which principals policies to check. Though the latter case is not impossible, but then combining those distributed policies without any centralization is not an easy task. This is especially true in cases where some strategies should be considered for prioritizing some decisions over the others. Therefore, even though the policies setup would be done in a distributed manner, but the evaluation of the policies has to be done centrally. 5.5 Distribution of Policies and Central Evaluation Access management would be distributed by letting the resource principals set up their own policies and self-administer their resources. However, we need to have some kind of centralization in order to come up to a final decision about accessing a resource. Even though these two scenarios may seem to be contradictory, but they are not. As we will see, XACML standard provides a way to support both ideas at the same time. In XACML, Policy Administration Point (PAP) is the point where it knows about all the policies. Even though this is mostly PAP that is considered as the writer of the policies [12, 21], but it is actually the point that should know about the existing policies. Therefore in our solution we provide an interface for the resource providers to upload their policies to PAP. This is actually a way to make the policy known to the system, since PAP is the point that is queried for fetching policies for each resource by the Policy Decision Point (PDP). Apart from the providers, the PAP itself can have some policies for different resources. As a result, when there is a request for accessing a resource, PAP will fetch local policies from the providers (local providers have informed PAP about their policies. See Figure 5.1) and together with its own policy will send to PDP for evaluation. Figure 5.2 illustrates this. 30

OpenHRE Security Architecture. (DRAFT v0.5)

OpenHRE Security Architecture. (DRAFT v0.5) OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2

More information

On XACML, role-based access control, and health grids

On XACML, role-based access control, and health grids On XACML, role-based access control, and health grids 01 On XACML, role-based access control, and health grids D. Power, M. Slaymaker, E. Politou and A. Simpson On XACML, role-based access control, and

More information

XACML. extensible Access Control Markup Language

XACML. extensible Access Control Markup Language XACML extensible Access Control Markup Language Author Coordinator Doutor Diogo Gomes Collaborator Engenheiro Ricardo Azevedo Universidade de Aveiro Instituto de Telecomunicações Portugal Telecom Inovação

More information

Web Applications Access Control Single Sign On

Web Applications Access Control Single Sign On Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,

More information

Oracle Identity Manager, Oracle Internet Directory

Oracle Identity Manager, Oracle Internet Directory Oracle Identity Manager (OIM) is a user provisioning system. It defines properties for how users and groups get authorized to access compute and content resources across the enterprise. Identity Management

More information

Using XACML Policies as OAuth Scope

Using XACML Policies as OAuth Scope Using XACML Policies as OAuth Scope Hal Lockhart Oracle I have been exploring the possibility of expressing the Scope of an OAuth Access Token by using XACML policies. In this document I will first describe

More information

Evaluation of different Open Source Identity management Systems

Evaluation of different Open Source Identity management Systems Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems

More information

XACML and Access Management. A Business Case for Fine-Grained Authorization and Centralized Policy Management

XACML and Access Management. A Business Case for Fine-Grained Authorization and Centralized Policy Management A Business Case for Fine-Grained Authorization and Centralized Policy Management Dissolving Infrastructures A recent Roundtable with CIOs from a dozen multinational companies concurred that Identity &

More information

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution Federation and Attribute Based Access Control Page 2 Realization of the IAM (R)evolution Executive Summary Many organizations

More information

Open Data Center Alliance Usage: Identity Management Interoperability Guide rev. 1.0

Open Data Center Alliance Usage: Identity Management Interoperability Guide rev. 1.0 sm Open Data Center Alliance Usage: Identity Interoperability Guide rev. 1.0 Open Data Center Alliance Usage: Identity Interoperability Guide Rev. 1.0 Table of Contents Legal Notice... 3 Executive Summary...

More information

Using LDAP Authentication in a PowerCenter Domain

Using LDAP Authentication in a PowerCenter Domain Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,

More information

White Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September 2007. Trianz 2008 White Paper Page 1

White Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September 2007. Trianz 2008 White Paper Page 1 White Paper Authentication and Access Control - The Cornerstone of Information Security Vinay Purohit September 2007 Trianz 2008 White Paper Page 1 Table of Contents 1 Scope and Objective --------------------------------------------------------------------------------------------------------

More information

User Management Guide

User Management Guide AlienVault Unified Security Management (USM) 4.x-5.x User Management Guide USM v4.x-5.x User Management Guide, rev 1 Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,

More information

Role Based Access Control for Industrial Automation and Control Systems

Role Based Access Control for Industrial Automation and Control Systems Role Based Access Control for Industrial Automation and Control Systems Johan B. Nye ExxonMobil Research and Engineering Co. Kevin P. Staggs Honeywell ACS Advanced Technology Labs 27 October 2010 abstract

More information

LDAP and Integrated Technologies: A Simple Primer Brian Kowalczyk, Kowal Computer Solutions Inc., IL Richard Kerwin, R.K. Consulting Inc.

LDAP and Integrated Technologies: A Simple Primer Brian Kowalczyk, Kowal Computer Solutions Inc., IL Richard Kerwin, R.K. Consulting Inc. LDAP and Integrated Technologies: A Simple Primer Brian Kowalczyk, Kowal Computer Solutions Inc., IL Richard Kerwin, R.K. Consulting Inc., IL ABSTRACT SAS Integration Technologies and LDAP(Lightweight

More information

White Paper The Identity & Access Management (R)evolution

White Paper The Identity & Access Management (R)evolution White Paper The Identity & Access Management (R)evolution Federation and Attribute Based Access Control Page 2 A New Perspective on Identity & Access Management Executive Summary Identity & Access Management

More information

Managing Users and Identity Stores

Managing Users and Identity Stores CHAPTER 8 Overview ACS manages your network devices and other ACS clients by using the ACS network resource repositories and identity stores. When a host connects to the network through ACS requesting

More information

Whitepaper: Manage Access Control for Network Resources with Securitay s Security Policy Manager

Whitepaper: Manage Access Control for Network Resources with Securitay s Security Policy Manager Whitepaper: Manage Access Control for Network Resources with Securitay s Security Policy Manager Introduction The past several years has seen an increase in the amount of attention paid to security management

More information

Obligation Standardization

Obligation Standardization Obligation Standardization David Chadwick, University of Kent, Mario Lischka, NEC Europe Ltd The OASIS XACML standard has become a recognized standard for the specification of access control policies,

More information

SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness

SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness Interoperability Summit 2002 SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness Gavenraj Sodhi Senior Technology Analyst Provisioning

More information

Remote Authentication and Single Sign-on Support in Tk20

Remote Authentication and Single Sign-on Support in Tk20 Remote Authentication and Single Sign-on Support in Tk20 1 Table of content Introduction:... 3 Architecture... 3 Single Sign-on... 5 Remote Authentication... 6 Request for Information... 8 Testing Procedure...

More information

LDAP User Service Guide 30 June 2006

LDAP User Service Guide 30 June 2006 LDAP User Service Guide 30 June 2006 This documents usage of the LDAP User Service for NiagaraAX version 3.1. INSTALLATION... 2 PALETTE... 3 LDAPUSERSERVICE... 3 ACTIVEDIRECTORYSERVICE... 3 KEY CONCEPTS...

More information

Directory Integration in LANDesk Management Suite

Directory Integration in LANDesk Management Suite Directory Integration in LANDesk Management Suite A white-paper detailing the use of an LDAP Directory in an LANDesk Management Suite environment LANDesk Software Inc. Sam Merrill Technical Marketing Engineer

More information

Introduction to Directory Services

Introduction to Directory Services Introduction to Directory Services Overview This document explains how AirWatch integrates with your organization's existing directory service such as Active Directory, Lotus Domino and Novell e-directory

More information

User Guide. You will be presented with a login screen which will ask you for your username and password.

User Guide. You will be presented with a login screen which will ask you for your username and password. User Guide Overview SurfProtect is a real-time web-site filtering system designed to adapt to your particular needs. The main advantage with SurfProtect over many rivals is its unique architecture that

More information

A Survey Study on Monitoring Service for Grid

A Survey Study on Monitoring Service for Grid A Survey Study on Monitoring Service for Grid Erkang You erkyou@indiana.edu ABSTRACT Grid is a distributed system that integrates heterogeneous systems into a single transparent computer, aiming to provide

More information

Delegated Administration Quick Start

Delegated Administration Quick Start Delegated Administration Quick Start Topic 50200 Delegated Administration Quick Start Updated 22-Oct-2013 Applies to: Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere,

More information

SharePoint 2013 Logical Architecture

SharePoint 2013 Logical Architecture SharePoint 2013 Logical Architecture This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.

More information

IGI Portal architecture and interaction with a CA- online

IGI Portal architecture and interaction with a CA- online IGI Portal architecture and interaction with a CA- online Abstract In the framework of the Italian Grid Infrastructure, we are designing a web portal for the grid and cloud services provisioning. In following

More information

The Encryption Anywhere Data Protection Platform

The Encryption Anywhere Data Protection Platform The Encryption Anywhere Data Protection Platform A Technical White Paper 5 December 2005 475 Brannan Street, Suite 400, San Francisco CA 94107-5421 800-440-0419 415-683-2200 Fax 415-683-2349 For more information,

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

The scenario goal is to set up OpenFire with LDAP based authentication against Microsoft (MS) Active Directory (AD).

The scenario goal is to set up OpenFire with LDAP based authentication against Microsoft (MS) Active Directory (AD). 1 of 8 2/6/2012 8:52 AM Home OpenFire XMPP (Jabber) Server OpenFire Active Directory LDAP integration Sat, 01/05/2010-09:49 uvigii Contents 1. Scenario 2. A brief introduction to LDAP protocol 3. Configure

More information

Entitlements Access Management for Software Developers

Entitlements Access Management for Software Developers Entitlements Access Management for Software Developers Market Environment The use of fine grained entitlements and obligations control for access to sensitive information and services in software applications

More information

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On A Federated Authorization and Authentication Infrastructure for Unified Single Sign On Sascha Neinert Computing Centre University of Stuttgart Allmandring 30a 70550 Stuttgart sascha.neinert@rus.uni-stuttgart.de

More information

Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0

Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0 sm Open Data Center Alliance Usage: Infrastructure as a Service (IaaS) Privileged User Access rev. 1.0 Table of Contents Legal Notice... 3 Executive Summary... 4 Related Usage Models... 5 Reference Framework...

More information

Spectrum Technology Platform. Version 9.0. Administration Guide

Spectrum Technology Platform. Version 9.0. Administration Guide Spectrum Technology Platform Version 9.0 Administration Guide Contents Chapter 1: Getting Started...7 Starting and Stopping the Server...8 Installing the Client Tools...8 Starting the Client Tools...9

More information

Configuring and Using the TMM with LDAP / Active Directory

Configuring and Using the TMM with LDAP / Active Directory Configuring and Using the TMM with LDAP / Active Lenovo ThinkServer April 27, 2012 Version 1.0 Contents Configuring and using the TMM with LDAP / Active... 3 Configuring the TMM to use LDAP... 3 Configuring

More information

Load Balancing and Clustering in EPiServer

Load Balancing and Clustering in EPiServer Load Balancing and Clustering in EPiServer Abstract This white paper describes the main differences between load balancing and clustering, and details EPiServer's possibilities of existing in a clustered

More information

Run-time Service Oriented Architecture (SOA) V 0.1

Run-time Service Oriented Architecture (SOA) V 0.1 Run-time Service Oriented Architecture (SOA) V 0.1 July 2005 Table of Contents 1.0 INTRODUCTION... 1 2.0 PRINCIPLES... 1 3.0 FERA REFERENCE ARCHITECTURE... 2 4.0 SOA RUN-TIME ARCHITECTURE...4 4.1 FEDERATES...

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

Extending XACML for Open Web-based Scenarios

Extending XACML for Open Web-based Scenarios Extending XACML for Open Web-based Scenarios Claudio A. Ardagna 1, Sabrina De Capitani di Vimercati 1, Stefano Paraboschi 2, Eros Pedrini 1, Pierangela Samarati 1, Mario Verdicchio 2 1 DTI - Università

More information

Customer Tips. Configuring Color Access on the WorkCentre 7328/7335/7345 using Windows Active Directory. for the user. Overview

Customer Tips. Configuring Color Access on the WorkCentre 7328/7335/7345 using Windows Active Directory. for the user. Overview Xerox Multifunction Devices Customer Tips February 13, 2008 This document applies to the stated Xerox products. It is assumed that your device is equipped with the appropriate option(s) to support the

More information

Chapter 3 Authenticating Users

Chapter 3 Authenticating Users Chapter 3 Authenticating Users Remote users connecting to the SSL VPN Concentrator must be authenticated before being allowed to access the network. The login window presented to the user requires three

More information

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions Course Code: M20533 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Implementing Microsoft Azure Infrastructure Solutions Overview This course is aimed at experienced IT Professionals who currently

More information

Chapter 11 Distributed File Systems. Distributed File Systems

Chapter 11 Distributed File Systems. Distributed File Systems Chapter 11 Distributed File Systems Introduction Case studies NFS Coda 1 Distributed File Systems A distributed file system enables clients to access files stored on one or more remote file servers A file

More information

QAME Support for Policy-Based Management of Country-wide Networks

QAME Support for Policy-Based Management of Country-wide Networks QAME Support for Policy-Based Management of Country-wide Networks Clarissa C. Marquezan, Lisandro Z. Granville, Ricardo L. Vianna, Rodrigo S. Alves Institute of Informatics Computer Networks Group Federal

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Software design (Cont.)

Software design (Cont.) Package diagrams Architectural styles Software design (Cont.) Design modelling technique: Package Diagrams Package: A module containing any number of classes Packages can be nested arbitrarily E.g.: Java

More information

The Role and uses of Peer-to-Peer in file-sharing. Computer Communication & Distributed Systems EDA 390

The Role and uses of Peer-to-Peer in file-sharing. Computer Communication & Distributed Systems EDA 390 The Role and uses of Peer-to-Peer in file-sharing Computer Communication & Distributed Systems EDA 390 Jenny Bengtsson Prarthanaa Khokar jenben@dtek.chalmers.se prarthan@dtek.chalmers.se Gothenburg, May

More information

SHARPCLOUD SECURITY STATEMENT

SHARPCLOUD SECURITY STATEMENT SHARPCLOUD SECURITY STATEMENT Summary Provides details of the SharpCloud Security Architecture Authors: Russell Johnson and Andrew Sinclair v1.8 (December 2014) Contents Overview... 2 1. The SharpCloud

More information

The XACML Enabled Gateway The Entrance to a New SOA Ecosystem

The XACML Enabled Gateway The Entrance to a New SOA Ecosystem The XACML Enabled Gateway The Entrance to a New SOA Ecosystem White Paper Intel SOA Expressway and Axiomatics Policy Server Solution Intel SOA Expressway and Axiomatics Policy Server combined provide a

More information

Toolbox 3.3 Client-Server Configuration. Quick configuration guide. User manual. For the latest news. and the most up-todate.

Toolbox 3.3 Client-Server Configuration. Quick configuration guide. User manual. For the latest news. and the most up-todate. User manual Toolbox 3.3 Client-Server Configuration Quick configuration guide For the latest news and the most up-todate information, please consult the Document history Version Comment Version 1.0 30/10/2010,

More information

Managing Identities and Admin Access

Managing Identities and Admin Access CHAPTER 4 This chapter describes how Cisco Identity Services Engine (ISE) manages its network identities and access to its resources using role-based access control policies, permissions, and settings.

More information

Groove Management Server

Groove Management Server Groove Management Server Version 3.1 Domain Administrator s Guide Copyright Copyright 2001-2005, Groove Networks, Inc. All rights reserved. You may not reproduce or distribute any part of this document

More information

Administration Challenges

Administration Challenges The Essentials Series: Enterprise Identity and Access Management Administration Challenges sponsored by by Richard Siddaway Administration Challenges...1 Heterogeneous Environments...1 Multiple Directories...1

More information

OAuth2lib Based Groups Management Tool for Authorization and Services Aggregation

OAuth2lib Based Groups Management Tool for Authorization and Services Aggregation Thursday 16th June 2011 Poster Session OAuth2lib Based Groups Management Tool for Authorization and Services Aggregation 1. INTRODUCTION Over recent years we have witnessed the emergence and consolidation

More information

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

Configuring SonicWALL TSA on Citrix and Terminal Services Servers Configuring on Citrix and Terminal Services Servers Document Scope This solutions document describes how to install, configure, and use the SonicWALL Terminal Services Agent (TSA) on a multi-user server,

More information

Secret Server Qualys Integration Guide

Secret Server Qualys Integration Guide Secret Server Qualys Integration Guide Table of Contents Secret Server and Qualys Cloud Platform... 2 Authenticated vs. Unauthenticated Scanning... 2 What are the Advantages?... 2 Integrating Secret Server

More information

Configuring and Monitoring Virtual Server 2005

Configuring and Monitoring Virtual Server 2005 Configuring and Monitoring Virtual Server 2005 eg Enterprise v5.6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this

More information

A Distributed Grid Service Broker for Web-Services Based Grid Applications

A Distributed Grid Service Broker for Web-Services Based Grid Applications A Distributed Grid Service Broker for Web-Services Based Grid Applications Dr. Yih-Jiun Lee Mr. Kai-Wen Lien Dept. of Information Management, Chien Kuo Technology University, Taiwan Web-Service NASA IDGEURO

More information

NetScreen s Approach to Scalable Policy-based Management

NetScreen s Approach to Scalable Policy-based Management NetScreen s Approach to Scalable Policy-based Management March 2002 A White Paper By NetScreen Technologies Inc. http://www.netscreen.com Table of Contents Introduction... 3 Traditional Management vs.

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

www.novell.com/documentation Policy Guide Access Manager 3.1 SP5 January 2013

www.novell.com/documentation Policy Guide Access Manager 3.1 SP5 January 2013 www.novell.com/documentation Policy Guide Access Manager 3.1 SP5 January 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation,

More information

Adeptia Suite LDAP Integration Guide

Adeptia Suite LDAP Integration Guide Adeptia Suite LDAP Integration Guide Version 6.2 Release Date February 24, 2015 343 West Erie, Suite 440 Chicago, IL 60654, USA Phone: (312) 229-1727 x111 Fax: (312) 229-1736 DOCUMENT INFORMATION Adeptia

More information

AGILEXRM REFERENCE ARCHITECTURE

AGILEXRM REFERENCE ARCHITECTURE AGILEXRM REFERENCE ARCHITECTURE 2012 AgilePoint, Inc. Table of Contents 1. Introduction 4 1.1 Disclaimer of warranty 4 1.2 AgileXRM components 5 1.3 Access from PES to AgileXRM Process Engine Database

More information

LT Auditor+ 2013. Windows Assessment SP1 Installation & Configuration Guide

LT Auditor+ 2013. Windows Assessment SP1 Installation & Configuration Guide LT Auditor+ 2013 Windows Assessment SP1 Installation & Configuration Guide Table of Contents CHAPTER 1- OVERVIEW... 3 CHAPTER 2 - INSTALL LT AUDITOR+ WINDOWS ASSESSMENT SP1 COMPONENTS... 4 System Requirements...

More information

Active Directory LDAP

Active Directory LDAP Whitepaper WPS Parking Solutions Hoevenweg 11 5652 AW EIndhoven T +31 (0)40 250 91 11, info@wps-nl.com, www.wpsparkingsolutions.com T +31(0)40 250 91 11, E info@wps-nl.com, W www.wpsparkingsolutions.com

More information

Privileged User Password Management in Shared Environments

Privileged User Password Management in Shared Environments FAKULTÄT FÜR INFORMATIK DER TECHNISCHEN UNIVERSITÄT MÜNCHEN Master s thesis in computer science Privileged User Password Management in Shared Environments Manuel Söhner FAKULTÄT FÜR INFORMATIK DER TECHNISCHEN

More information

CA Performance Center

CA Performance Center CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure

Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure (Exam 70-294) Table of Contents Course Overview... 2 Section 1.1: Introduction to Active Directory... 3 Section

More information

SECURE INFORMATION INTEGRATION WITH A SEMANTIC WEB-BASED FRAMEWORK

SECURE INFORMATION INTEGRATION WITH A SEMANTIC WEB-BASED FRAMEWORK SECURE INFORMATION INTEGRATION WITH A SEMANTIC WEB-BASED FRAMEWORK Pranav Parikh, Murat Kantarcioglu, Vaibhav Khadilkar, Bhavani Thuraisingham, Latifur Khan The University of Texas at Dallas Abstract In

More information

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them. This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and

More information

Using RADIUS Agent for Transparent User Identification

Using RADIUS Agent for Transparent User Identification Using RADIUS Agent for Transparent User Identification Using RADIUS Agent Web Security Solutions Version 7.7, 7.8 Websense RADIUS Agent works together with the RADIUS server and RADIUS clients in your

More information

SMART Vantage. Installation guide

SMART Vantage. Installation guide SMART Vantage Installation guide Product registration If you register your SMART product, we ll notify you of new features and software upgrades. Register online at smarttech.com/registration. Keep the

More information

Electronic Health Network - Case Study Consent2Share Share with Confidence

Electronic Health Network - Case Study Consent2Share Share with Confidence Electronic Health Network - Case Study Consent2Share Share with Confidence Jan 2015 About Consent2Share Complying with privacy regulations in an electronic environment is a very complex process. The Consent2Share

More information

Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication

Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication This application note describes how to authenticate users on a Cisco ISA500 Series security appliance. It includes these

More information

Dynamic Security. Concepts & Facilities

Dynamic Security. Concepts & Facilities Dynamic Security Concepts & Facilities positioning Security Concepts Static vs. Dynamic security Physical and IT security convergence Location based security Temporal based security Role based security

More information

Mobile Devices: Server and Management Lesson 06 Device Management

Mobile Devices: Server and Management Lesson 06 Device Management Mobile Devices: Server and Management Lesson 06 Device Management Oxford University Press 2007. All rights reserved. 1 Device Management (DM) Many types of devices in a mobile network Managed by a mobile

More information

Distributed Systems LEEC (2005/06 2º Sem.)

Distributed Systems LEEC (2005/06 2º Sem.) Distributed Systems LEEC (2005/06 2º Sem.) Introduction João Paulo Carvalho Universidade Técnica de Lisboa / Instituto Superior Técnico Outline Definition of a Distributed System Goals Connecting Users

More information

Quest InTrust. Change auditing and policy compliance for the secure enterprise. May 2008. Copyright 2006 Quest Software

Quest InTrust. Change auditing and policy compliance for the secure enterprise. May 2008. Copyright 2006 Quest Software Quest InTrust Change auditing and policy compliance for the secure enterprise May 2008 Copyright 2006 Quest Software Quest is the Thought Leader in Active Directory Named Microsoft Global ISV Partner of

More information

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access

More information

McAfee Cloud Single Sign On

McAfee Cloud Single Sign On Setup Guide Revision B McAfee Cloud Single Sign On COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

Directory Enabled Distributed Packet Filtration System

Directory Enabled Distributed Packet Filtration System Directory Enabled Distributed Packet Filtration System A Scalable and High Performance Security Architecture Siddhartha Gavirneni sgavirne@eecs.ku.edu Electrical Engineering and Computer Science Networking

More information

2. Create (if required) 3. Register. 4.Get policy files for policy enforced by the container or middleware eg: Gridmap file

2. Create (if required) 3. Register. 4.Get policy files for policy enforced by the container or middleware eg: Gridmap file Policy Management for OGSA Applications as Grid Services (Work in Progress) Lavanya Ramakrishnan MCNC-RDI Research and Development Institute 3021 Cornwallis Road, P.O. Box 13910, Research Triangle Park,

More information

Technical. Overview. ~ a ~ irods version 4.x

Technical. Overview. ~ a ~ irods version 4.x Technical Overview ~ a ~ irods version 4.x The integrated Ru e-oriented DATA System irods is open-source, data management software that lets users: access, manage, and share data across any type or number

More information

Introduction. Connection security

Introduction. Connection security SECURITY AND AUDITABILITY WITH SAGE ERP X3 Introduction An ERP contains usually a huge set of data concerning all the activities of a company or a group a company. As some of them are sensitive information

More information

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management Table of Contents Executive Summary 1 SECTION 1: CHALLENGE 2 The Need for

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

Policy-based Pre-Processing in Hadoop

Policy-based Pre-Processing in Hadoop Policy-based Pre-Processing in Hadoop Yi Cheng, Christian Schaefer Ericsson Research Stockholm, Sweden yi.cheng@ericsson.com, christian.schaefer@ericsson.com Abstract While big data analytics provides

More information

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam (CAT-140) Version 1.4 - PROPRIETARY AND CONFIDENTIAL INFORMATION - These educational materials (hereinafter referred to as

More information

This research note is restricted to the personal use of christine_tolman@byu.edu

This research note is restricted to the personal use of christine_tolman@byu.edu Burton IT1 Research G00234483 Identity Management Published: 9 July 2012 Analyst(s): Ian Glazer, Bob Blakley Identity management (IdM) has become a distinct aggregation of functions for the maintenance

More information

Introduction to Endpoint Security

Introduction to Endpoint Security Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user

More information

How to Configure Dynamic DNS on a Virtual Access Router

How to Configure Dynamic DNS on a Virtual Access Router How to Configure Dynamic DNS on a Virtual Access Router Issue 1.0 Date 03 April 2012 Table of contents 1 About this document... 3 1.1 Scope... 3 1.2 Readership... 3 1.3 Terminology... 3 2 Introduction...

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

SWIFT: Advanced identity management

SWIFT: Advanced identity management SWIFT: Advanced identity management Elena Torroglosa, Alejandro Pérez, Gabriel López, Antonio F. Gómez-Skarmeta and Oscar Cánovas Department of Information and Communications Engineering University of

More information

Chapter 1 - Web Server Management and Cluster Topology

Chapter 1 - Web Server Management and Cluster Topology Objectives At the end of this chapter, participants will be able to understand: Web server management options provided by Network Deployment Clustered Application Servers Cluster creation and management

More information

Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0

Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0 Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual Document Version 1.0 Table of Contents 1 SWAF... 4 1.1 SWAF Features... 4 2 Operations and User Manual... 7 2.1 SWAF Administrator

More information

Active Directory Monitoring With PATROL

Active Directory Monitoring With PATROL Active Directory Monitoring With PATROL Contents What is Active Directory?...1 Why Monitor?...1 Active Directory and PATROL...2 Critical Active Directory Components to Monitor...3 Address Book...3 Domain

More information

Web Application Hosting Cloud Architecture

Web Application Hosting Cloud Architecture Web Application Hosting Cloud Architecture Executive Overview This paper describes vendor neutral best practices for hosting web applications using cloud computing. The architectural elements described

More information