
Authorization Models






Presentation Transcript


  1. Authorization Models
  Radia Perlman, Radia.Perlman@sun.com

  2. Important problems
  • Something that is understandable for someone to manage the policy
  • Something that is efficient for a system to check policy
    • checking if A is allowed to do X when A asks to do X
    • checking everything A is allowed to do
    • checking who is allowed to do X
  • Updating policy (including revocation) must be comprehensible, efficient, and timely

  3. Stake in the ground
  • Basically, most models map to groups and ACLs

  4. ACLs
  • Associated with each resource is an ACL
    • set of (Who, what they can do)
  • Note: “resource” can be a set of resources, all with a common ACL
  • Can be fancier
    • other things like time of day, IP addresses from which things must be accessed

  5. What is who?
  • Any Boolean combination of
    • Individuals
    • Groups
    • “Roles”
  • Groups and roles are also any Boolean combination of individuals, groups, and roles
    • Which means groups can be arbitrarily nested

  6. Nested groups (diagram): Sun employees, Sun-CA, Sun-MA, Sun-MPK, Sun-SJC

  7. Roles vs Groups
  • Mostly in the literature used interchangeably
  • Possible distinctions
    • Roles have to be explicitly invoked, and might be mutually exclusive, and might require authentication, vs groups: always a member of all groups you are a member of
    • Roles have names (like “administrator”) that are local to a resource

  8. Attributes
  • Can be treated like a group
    • “over 21” can be “set of people over 21”
    • “paid member of ACM” can be “set of people who have paid ACM membership”

  9. Models around “what is A allowed to do”
  • Really not “centrally controlled”
    • Only within a “scope”
  • Just like ACL on a file
    • Alice: read, write
    • Bob: read
    • Carol: read, write, delete
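The ACL and group machinery of slides 4 through 9, as an added example that is not part of the talk: a small Python evaluator with arbitrarily nested groups, an attribute treated as a group, per-resource roles that must be explicitly invoked, and Boolean "who" expressions (and/or/not) in ACL entries. It answers the three checks listed on slide 2 (is A allowed to do X, everything A may do, who may do X). All group names, principals, resources and permission sets are constructed sample data.

```python
from dataclasses import dataclass

# Constructed group tree: values are direct members, which may themselves be
# groups, so membership nests arbitrarily (slides 5 and 6).
GROUPS = {
    "sun-employees": {"sun-ca", "sun-ma"},
    "sun-ca": {"sun-mpk", "sun-sjc"},
    "sun-ma": {"carol"},
    "sun-mpk": {"alice"},
    "sun-sjc": {"bob"},
    # An attribute is just another group (slide 8).
    "over-21": {"alice", "carol"},
}
INDIVIDUALS = {"alice", "bob", "carol"}

# Roles are named per resource (slide 7): who is eligible to hold them.
ROLES = {"payroll.db": {"administrator": {"sun-ma"}}}

# ACL per resource: list of (who, permissions). "who" is an individual,
# a group, "role:<name>", or a Boolean tuple ("and" | "or" | "not", ...).
ACLS = {
    "report.txt": [
        ("alice", {"read", "write"}),
        ("bob", {"read"}),
        ("carol", {"read", "write", "delete"}),
    ],
    "payroll.db": [
        (("and", "sun-employees", "over-21"), {"read"}),
        (("and", "sun-employees", ("not", "sun-sjc")), {"list"}),
        ("role:administrator", {"read", "write", "delete"}),
    ],
}


@dataclass(frozen=True)
class Request:
    principal: str
    active_roles: frozenset = frozenset()  # roles explicitly invoked


def is_member(principal, group, groups=GROUPS, _seen=None):
    """Transitive membership; _seen stops infinite loops on cyclic groups."""
    _seen = set() if _seen is None else _seen
    if group in _seen:
        return False
    _seen.add(group)
    for member in groups.get(group, ()):
        if member == principal:
            return True
        if member in groups and is_member(principal, member, groups, _seen):
            return True
    return False


def matches(who, req, resource):
    """Evaluate a 'who' expression against the requester."""
    if isinstance(who, str):
        if who.startswith("role:"):
            role = who[len("role:"):]
            eligible = ROLES.get(resource, {}).get(role, ())
            # The role must be invoked on this request AND the requester must
            # be among the principals the resource allows to hold it.
            return role in req.active_roles and any(
                matches(e, req, resource) for e in eligible)
        return who == req.principal or is_member(req.principal, who)
    op, *args = who
    if op == "and":
        return all(matches(a, req, resource) for a in args)
    if op == "or":
        return any(matches(a, req, resource) for a in args)
    if op == "not":
        return not matches(args[0], req, resource)
    raise ValueError(f"unknown operator {op!r}")


def allowed(req, resource, action):
    """Slide 2, first check: is A allowed to do X?"""
    return any(action in perms and matches(who, req, resource)
               for who, perms in ACLS.get(resource, []))


def permissions_of(req, resource):
    """Slide 2, second check: everything A may do to a resource."""
    return {a for who, perms in ACLS.get(resource, [])
            if matches(who, req, resource) for a in perms}


def who_can(resource, action, roles=frozenset()):
    """Slide 2, third check: which individuals may do X (with roles invoked)."""
    return {p for p in INDIVIDUALS if allowed(Request(p, roles), resource, action)}
```

The "not" operand is deliberately wrapped in an "and" with a group: a bare negation would grant the permission to every principal outside the named group, including ones the system has never heard of, which is rarely what a policy author intends.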

  10. Proving membership
  • Could have some things in your (name/key) cert
  • Or could have a separate credential
    • Such as a cert vouching:
      • (public key, attribute/group name)
      • (name, attribute/group name)
  • Or knowledge of a group secret
  • Or coming from an IP address in the US
  • Note: authorization doesn’t necessarily imply you have to identify yourself

  11. X.509 attribute cert model
  • Attribute, like “clearance”, has an OID
  • You need a separate PMI (privilege management infrastructure) starting with a SOA (start of authority) to vouch for the attribute
  • You’d say “I trust US navy” for clearance

  12. Name-based model
  • Hierarchical name
  • Name of attribute implies who is trusted to assert it
  • gov.US.navy.clearance is a totally different attribute from gov.Russia.KGB.clearance

  13. Name based trust chains, both for identity and authorization

  14. Bottom-Up Model
  • Each arc in name tree has parent certificate (up) and child certificate (down)
  • Name space has CA for each node
  • “Name Subordination” means CA trusted only for a portion of the namespace
  • Cross Links to connect Intranets, or to increase security
  • Start with your public key, navigate up, cross, and down

  15. Intranet (diagram): abc.com; nj.abc.com, ma.abc.com; alice@nj.abc.com, bob@nj.abc.com, carol@ma.abc.com

  16. Extranets: Crosslinks (diagram): xyz.com, abc.com

  17. Extranets: Adding Roots (diagram): root, xyz.com, abc.com
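The "navigate up, cross, and down" rule of slide 14 over the name trees of slides 15 to 17, as an added example that is not the speaker's code: a breadth-first search for a certificate chain from the key you hold to a target name. Every downward step is checked for name subordination (a CA may only vouch for its own direct children), and a path that used a cross link is confined to the subtree that link vouches for. The name tree, the certificates, and the deliberately out-of-scope certificate issued by xyz.com for ma.abc.com are constructed placeholders; signatures are not modelled, a Cert merely records who vouches for whom.

```python
from collections import deque
from dataclasses import dataclass

# Constructed name tree (slides 15-17): a root above both companies.
PARENT = {
    "abc.com": "root", "xyz.com": "root",
    "nj.abc.com": "abc.com", "ma.abc.com": "abc.com",
    "alice@nj.abc.com": "nj.abc.com", "bob@nj.abc.com": "nj.abc.com",
    "carol@ma.abc.com": "ma.abc.com", "dave@xyz.com": "xyz.com",
}


def within(name, scope):
    """True if `name` is `scope` itself or lies in its subtree."""
    while name is not None:
        if name == scope:
            return True
        name = PARENT.get(name)
    return False


@dataclass(frozen=True)
class Cert:
    issuer: str          # node whose (already trusted) key vouches
    subject: str         # node whose key is being vouched for
    kind: str            # "up" (child -> parent), "down" (parent -> child), "cross"
    scope: str = None    # cross links only: subtree the subject is trusted for


def _tree_certs():
    """One up and one down certificate per arc of the name tree (slide 14)."""
    certs = []
    for child, parent in PARENT.items():
        certs.append(Cert(child, parent, "up"))
        certs.append(Cert(parent, child, "down"))
    return certs


CERTS = _tree_certs() + [
    Cert("abc.com", "xyz.com", "cross", "xyz.com"),   # slide 16 cross links
    Cert("xyz.com", "abc.com", "cross", "abc.com"),
    # Constructed bogus certificate: xyz.com's CA claims a key for ma.abc.com,
    # a name outside the portion of the namespace it is trusted for.
    Cert("xyz.com", "ma.abc.com", "down"),
]


def step_ok(cert, scope):
    """Is this certificate usable from a path whose trust is limited to `scope`?"""
    if cert.kind == "up":
        # Going up leaves any subtree a cross link confined us to, so it is
        # only allowed while unconstrained; the cert must name the real parent.
        return scope is None and PARENT.get(cert.issuer) == cert.subject
    if cert.kind == "down":
        # Name subordination: a CA vouches only for its own direct children,
        # and never for anything outside the current scope.
        return PARENT.get(cert.subject) == cert.issuer and (
            scope is None or within(cert.subject, scope))
    if cert.kind == "cross":
        return scope is None and cert.scope is not None and within(cert.subject, cert.scope)
    return False


def find_chain(start, target, certs=CERTS):
    """BFS from the key you hold (start) to target; list of Certs, or None."""
    queue = deque([(start, None, [])])
    seen = {(start, None)}
    while queue:
        node, scope, chain = queue.popleft()
        if node == target:
            return chain
        for cert in certs:
            if cert.issuer != node or not step_ok(cert, scope):
                continue
            new_scope = cert.scope if cert.kind == "cross" else scope
            state = (cert.subject, new_scope)
            if state not in seen:
                seen.add(state)
                queue.append((cert.subject, new_scope, chain + [cert]))
    return None
```

With the cross links present the search reaches dave@xyz.com in four steps (up, up, cross, down); remove them and it still succeeds through the shared root of slide 17, one step longer. The bogus xyz.com certificate is never accepted, so if the legitimate abc.com to ma.abc.com certificate is missing there is no chain to carol at all.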

  18. Conclusion
  • Groups, ACLs, Identities have been around for years
  • Can do anything that the other models do
