Thoughts on Proposal 0.8
• Like the general approach
• Present ideas in three areas
  • Glossary – we are still not communicating effectively, too much time explaining what we mean vs. constructive debate
  • Policy Information
  • Decision Strategies

Glossary Issues
• Add “Access Request”
• Applicable Policy – all policy is applicable to something. Can only be applicable with respect to a particular request
• Need names for
  • Whole XML document target+rules+post cond
  • Set of XML documents applying to specified request

Glossary Issues
• Classification is unintuitive
  • Resource attribute
• Internal Post Condition – PDP must ensure it occurs, not necessarily precede return of result, e.g. audit trail write behind, via Safe Store
• Role definition is completely non-standard
  • Role is Principal attribute with special semantics (choice of several)
  • Lots of principal attributes are not roles, e.g. Signing limit

Glossary Issues
• Target mapping
  • In policy
  • May match multiple targets
• Target value
  • In request
  • Exactly one target
• More generally need to distinguish between
  • Policy formals (ValueRef)
  • Decision-time actuals (Value)

Where can policy inputs come from?
• Authentication act
• Session information
• Access Request
• Attribute Authority
• Resource Metadata
• Resource Content

Who has this info?
• Authentication act – Authentication Authority
• Session information – Session Authority
• Access Request – PEP
• Principal Attributes – Attribute Authority
• Resource Metadata – PEP
• Resource Content – PEP

Conclusions
• The PIP has no useful role
• There is no Environment

Example Information
• Authentication act
  • Principal
  • Date/time
  • Location
  • Method
• Session information
  • Principal
  • Start time
  • Last Active
  • Other…

Example Information
• Access Request
  • Requester principal
  • Receiver principal
  • Codebase principal
  • Intermediary principal
  • Date/time
  • Location
  • Resource
  • Action
  • Parameters

Example Information
• Attribute Authority
  • Principal Attributes
• Resource Metadata
  • Name
  • Attributes
• Resource Content
  • Data fields

Conclusions
• The same item can appear in different contexts, e.g. date/time, need to distinguish
• Within the access request, there can be different principals, need to distinguish
• Authentication and Session properties can apply to any of the principals in the request, e.g. method of Authentication used by intermediary principal
• Same is true for principal attributes

Decision Strategies
• Issue: some policy features constrain the choice of decision strategy, e.g. Global deny prevents incremental evaluation
• Features may be required in some environments
• Other environments may not wish to forgo optimizations for non-requirements

Suggested Approach
• Identify all possible decision strategies (I don’t think there are that many)
• If a feature’s use precludes one or more, document the fact
• Environments can decide to use or exclude the feature

Decision Strategies
• Strategy I - Basic
  • Collect all applicable policies
  • Obtain all required inputs
  • Evaluate all policies
  • Apply PFR to resolve conflicting results

Decision Strategies
• Strategy II - Optimized
  • Collect all applicable policies
  • Use PFR to create equivalent combined policy
  • Evaluate policies incrementally, gathering inputs as needed, defer evaluations based on input requirements (this for example allows "lazy authentication" where authentication is not done if the result can be determined without it)
  • Once the result is known, stop evaluation

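Strategy I and Strategy II side by side, as an added example that is not part of the original slides. The three policies, the input names, the cost table and the use of deny-overrides as the PFR are assumptions made for illustration; ordering policies by input cost stands in for the combined policy that Strategy II builds.

```python
DENY, PERMIT, NA = "Deny", "Permit", "NotApplicable"

class Inputs:
    """Fetches each policy input on first use and records which were fetched."""
    def __init__(self, sources):
        self.sources, self.cache, self.fetched = sources, {}, []
    def get(self, name):
        if name not in self.cache:
            self.cache[name] = self.sources[name]()
            self.fetched.append(name)
        return self.cache[name]

# Constructed policies (hypothetical): (required inputs, rule over those inputs).
POLICIES = [
    (("auth_method",), lambda i: PERMIT if i["auth_method"] == "token" else DENY),
    (("action", "signing_limit"),
     lambda i: DENY if i["action"] == "sign" and i["signing_limit"] < 1000 else NA),
    (("action",), lambda i: DENY if i["action"] == "delete" else NA),
]
COST = {"action": 0, "signing_limit": 1, "auth_method": 5}  # assumed fetch costs

def make_inputs(action):
    # Constructed sources standing in for the PEP, Attribute and Authentication Authorities.
    return Inputs({"action": lambda: action, "signing_limit": lambda: 500,
                   "auth_method": lambda: "token"})

def combine(results):
    """Assumed PFR: deny-overrides, then permit, else not applicable."""
    if DENY in results:
        return DENY
    return PERMIT if PERMIT in results else NA

def strategy_basic(policies, inputs):
    """Strategy I: obtain all required inputs, evaluate all policies, then combine."""
    needed = {n for req, _ in policies for n in req}
    vals = {n: inputs.get(n) for n in sorted(needed)}
    return combine([rule(vals) for _, rule in policies])

def strategy_optimized(policies, inputs, cost):
    """Strategy II: cheapest inputs first, fetch on demand, stop once the result is known."""
    results = []
    for req, rule in sorted(policies, key=lambda p: sum(cost[n] for n in p[0])):
        r = rule({n: inputs.get(n) for n in req})
        if r == DENY:  # under deny-overrides no later policy can change a Deny
            return DENY
        results.append(r)
    return combine(results)
```

For a "sign" request both strategies return Deny, but only Strategy I consults the authentication source, which is the "lazy authentication" case from the slide.
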
Decision Strategies
• Strategy III - Incremental collection
  • Collect "some" policies
  • Obtain required inputs
  • Evaluate current policy set
  • Use PFR to combine latest results with previous results (if any)
  • If result is known, stop evaluation
  • If not all policies have been collected, repeat previous steps

Questions
• Is this approach helpful?
• Are there other decision strategies?