1 / 10

Survey of Identity Repository Security Models

Survey of Identity Repository Security Models. JSR 351, Sep 2012. Background. JSR 351 Terms – Attribute Repository, Identity Repository, Attribute Service This survey is limited to identity repositories only JSR 351 scope of work includes a security model for the (Identity) Attribute Service

heman
Download Presentation

Survey of Identity Repository Security Models

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Survey of Identity Repository Security Models JSR 351, Sep 2012

  2. Background • JSR 351 Terms – Attribute Repository, Identity Repository, Attribute Service • This survey is limited to identity repositories only • JSR 351 scope of work includes a security model for the (Identity) Attribute Service • Includes access control model for the release of attributes • This area needs more definition and use-cases • Survey of two popular identity repositories • LDAP Directories • Facebook

  3. Actors • User – entity on behalf-of-whom access to identity data is sought • No user, client is action on its own behalf • Present, client acts on behalf of user with active session • Absent, clients acts on behalf of user with no active user session • Client – application which interacts with the identity repository • Network protocol • LDAP protocol • Facebook Graph API (actually a REST network protocol) • Identity Repository

  4. LDAP Security Model • Every entry in a LDAP directory has a distinguished name (DN) • Both leaf nodes and non-leaf nodes have DNs • Clients open connections to directories over server-side TLS/SSL • Clients perform a FIND and BIND operation to establish an authorization identity • Typically a DN • BIND operation may include credentials • Anonymous mode also supported

  5. Proxy Authorization • Directories can be configured to allow clients to impersonate classes of users • “HR application can impersonate all users at employment level 6 or below” • Client authenticates to the directory and then selects a different authorization identity • No standard mechanism but all directories support some form of proxy auth • Policies can use filters based on DN and attributes to limit the class of impersonated users • Avoids the “su” problem

  6. LDAP Authorization Model • No standard model • But draft-ietf-ldapext-acl-model-08.txt is helpful • Servers implement AuthZ model based on • Authorization identity • Target • Operation • Access Control Rules use patterns and search strings • Anyone can read entries in the “dc=oracle,dc=com”subtree, they can view all attributes except for pwd

  7. AuthZ Model Continued • Sophisticated policies can be expressed • Delegated administration • Group membership • Roles or Attributes • Default deny vs. default access • Also a source of complexity • Different products use different models • Design and testing of policies requires expert knowledge and effort

  8. Facebook • Based on documentation accessed Sep 2012 • Certain amount of information is available without client or user authentication • This is information that the user has declared public • Users can grant secured access to a client application • Based on Oauth 2.0 three-legged flow • Once authenticated, user gives consent for sharing • Clients may request permissions for varying access

  9. Permissions • Map directly to Oauth 2.0 scope parameter • Categories • Basic (default – id, name, picture, gender, locale) • User and Friends Permissions (e.g., user_likes) • user_xxx (provides access to xxx data section) • friends_xxx • Extended Permissions • Enables administrative privileges • Open Graph Permissions, Page Permissions • For more advanced apps?

  10. Facebook Summary • User-mediated access model has many strengths • But its hard to disentangle principles from Facebook specifics • How to discover permissions required for access to attributes? • Is the “user absent” case covered by long-lived Oauth access tokens?

More Related