INF3510 Information Security
University of Oslo, Spring 2014

Lecture 9: Identity Management and Access Control

Outline
• Identity and access management concepts
• Identity management models
• Access control models (security models)
• Open authorization

L09 - IdMan & AC, INF3510 - UiO 2014
The concept of identity

[Figure: Entities (persons, organisations, systems) have identities. An identity consists of attributes (A, B, C, X, Y, Z): names, identifiers and characteristics.]
Concepts related to identity
• Entity
  – A person, organisation, agent, system, etc.
• Identity
  – A set of names / attributes of an entity in a specific domain
  – An entity may have multiple identities in one domain
• Digital identity
  – Digital representation of names / attributes in a way that is suitable for processing by computers
• Names and attributes of an entity
  – Can be unique or ambiguous within a domain
  – Transient or permanent, self-defined or assigned by an authority, interpreted by humans and/or computers, etc.
Identity
• Etymology (original meaning of words): "identity" = "same one as previous time".
• "First-time" authentication is not meaningful, because there is no "previous time".
• Authentication requires a first-time registration of the identity in the form of a name within a domain.
• Registration can take two forms:
  – pre-authentication from a previous identity, e.g. a passport
  – creation of a new identity, e.g. a newborn baby
Identity management processes

[Figure: four groups of IdMan processes, split by User side / Service Provider side and by whose identity is managed.
– User identity management: IdMan processes for user Ids & credentials (Id, password/token) on the user side, and on the SP side.
– SP identity management: IdMan processes for SP Ids & credentials (Id, cert.) on the user side, and on the SP side.]
Identity Domains
• An Id domain has a name space of unique names
• Management structure options:
  – Single authority, e.g. user Ids in a company network
  – Hierarchical, e.g. DNS (Domain Name System)
• Integration / federation of Id domains
  – Requires mapping of the identities of the same entity
  – Requires alignment of policies / a single policy
• This lecture focuses on user identities, not SP identities
[Figure: Silo Id Domain A and Silo Id Domain B, each with its own user identity for Service A and Service B; a mapping between the two turns them into federated Id domains.]
Silo Id domain model

[Figure: three separate identity domains. SP/IdP A, SP/IdP B and SP/IdP C each issue their own user identifier (A, B, C) and their own authentication token to the same user, who logs on to each service separately. Legend: user identifier managed by IdP X; authentication token managed by IdP X; service logon; service provision; identity domain X.]
Silo Id domains
• SP = IdP: the SP defines the name space and provides the access credentials
• A unique identifier is assigned to each entity
• Advantages
  – Simple to deploy, low cost for SPs
• Disadvantages
  – Identity overload for users, poor usability, lost business
Single Id and SSO (Single Sign-On)
• Users don't want more identifiers and credentials
• Low acceptance of new services that require separate user authentication
• The silo model requires users to provide the same information to many service providers
• The silo model makes it difficult to offer bundled services, i.e. services from different service providers
• Service providers want to bundle services and collect user information
Kerberos SSO
• Developed as part of Project Athena (MIT), started in 1983.
• The user must authenticate once at the beginning of a workstation session (login session).
• Servers then authenticate the Kerberos client on the user's workstation instead of authenticating the user
  – So the user does not need to enter the password every time a service is requested!
• Every user shares a password with the AS (Authentication Server)
• Every SP (service provider) shares a secret key with the TGS (Ticket Granting Server)
• Tickets sealed (encrypted) by the TGS prove to SPs that the user has been authenticated
Kerberos – simplified protocol

[Figure: the workstation (with Kerberos client) talks to the Key Distribution Center, which holds the Authentication Server, the Ticket Granting Server and the Kerberos database, and then to the application servers.
1. Request service
2. Authentication (with the Authentication Server)
3. Look-up user (in the Kerberos database)
4. Request ticket (from the Ticket Granting Server)
5. Ticket
6. Service access with ticket (repeated for each application server)]
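The exchange in the figure, as an added example that is not part of the lecture: a minimal Kerberos-style AS/TGS/service round trip in Python. The `KDC`, `seal`/`unseal`, `client_session` and `service_accept` names, the toy hashlib/hmac encryption, and the user `alice` with the service `fileserver` are all constructed for this illustration; real Kerberos uses AES-based encryption types, principal names with realms, and nonces and sequence numbers this sketch leaves out. What it keeps is the slide's structure: the password-derived key never leaves the workstation, the KDC proves the user's identity by sending something only that key can open, and the application server verifies a ticket with nothing but its own shared key.

```python
"""Toy Kerberos-style SSO exchange: AS -> TGS -> application server.

Added example (not from the lecture). Every party uses only symmetric keys,
as in the slides. seal/unseal stand in for Kerberos' ticket encryption and
are built from hashlib/hmac so the file runs with the standard library
alone; they are NOT a production cipher.
"""
import hashlib
import hmac
import json
import os
import time

TICKET_LIFETIME = 600   # seconds; every ticket carries an expiry
CLOCK_SKEW = 300        # authenticators older than this are rejected


def derive_key(password: str, principal: str) -> bytes:
    """Long-term user key from the password (Kerberos calls this string2key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object under a symmetric key."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the MAC first: a wrong key or a modified ticket raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("bad key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Key Distribution Center: Authentication Server + Ticket Granting Server."""

    def __init__(self):
        self.users = {}                 # principal -> password-derived key
        self.services = {}              # service -> key shared with the TGS
        self.k_tgs = os.urandom(32)     # the TGS's own key, never leaves the KDC

    def register_user(self, name, password):
        self.users[name] = derive_key(password, name)

    def register_service(self, name):
        self.services[name] = os.urandom(32)
        return self.services[name]      # handed to the service out of band

    def as_exchange(self, user):
        """Steps 2-3: look the user up, return a TGT plus a session key."""
        if user not in self.users:
            raise KeyError("unknown principal")
        sk = os.urandom(32).hex()
        tgt = seal(self.k_tgs, {"user": user, "key": sk, "exp": time.time() + TICKET_LIFETIME})
        # Only the holder of the password-derived key can recover sk: that is the
        # authentication, and the password itself is never sent to the KDC.
        return seal(self.users[user], {"key": sk}), tgt

    def tgs_exchange(self, tgt, authenticator, service):
        """Steps 4-5: exchange TGT + fresh authenticator for a service ticket."""
        t = unseal(self.k_tgs, tgt)
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        if t["exp"] < time.time() or a["user"] != t["user"] or abs(a["ts"] - time.time()) > CLOCK_SKEW:
            raise ValueError("TGT expired or bad authenticator")
        ssk = os.urandom(32).hex()
        ticket = seal(self.services[service],
                      {"user": t["user"], "key": ssk, "exp": time.time() + TICKET_LIFETIME})
        return seal(bytes.fromhex(t["key"]), {"key": ssk}), ticket


def service_accept(service_key, ticket, authenticator):
    """Step 6: the application server checks the ticket with its own key only."""
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if t["exp"] < time.time() or a["user"] != t["user"] or abs(a["ts"] - time.time()) > CLOCK_SKEW:
        raise ValueError("ticket rejected")
    return t["user"]


def client_session(kdc, user, password, service, service_key):
    """What the Kerberos client on the workstation does after one password entry."""
    k_user = derive_key(password, user)
    enc, tgt = kdc.as_exchange(user)
    sk = bytes.fromhex(unseal(k_user, enc)["key"])        # wrong password -> ValueError
    enc2, ticket = kdc.tgs_exchange(tgt, seal(sk, {"user": user, "ts": time.time()}), service)
    ssk = bytes.fromhex(unseal(sk, enc2)["key"])
    # service_key is passed in only so this demo can play the server side too
    return service_accept(service_key, ticket, seal(ssk, {"user": user, "ts": time.time()}))


def demo():
    kdc = KDC()
    kdc.register_user("alice", "correct horse battery staple")
    fs_key = kdc.register_service("fileserver")
    who = client_session(kdc, "alice", "correct horse battery staple", "fileserver", fs_key)
    try:
        client_session(kdc, "alice", "wrong password", "fileserver", fs_key)
        rejected = False
    except ValueError:
        rejected = True
    return who, rejected


if __name__ == "__main__":
    print(demo())
```

Running the file prints `('alice', True)`: the first session succeeds, the second, with a wrong password, fails already at the AS reply because the client cannot unseal the session key, so no ticket is ever presented to the service.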
Kerberos – Advantages and limitations
• First practical SSO solution
• Centralized TTP (Trusted Third Party) model
• Uses only symmetric cryptography
• Requires Kerberos clients and servers + KDC
• Only suitable for organisations under common management (single domain)
  – Kerberos V5 does allow cross-realm authentication between KDCs that share an inter-realm key, but every realm pair still has to be configured in advance
• Does not scale to very large domains
• Not suitable for open environments (Internet)
Federated model (distributed)
Examples: Liberty Alliance, SAML 2.0, WS-Federation, Shibboleth

[Figure: SP/IdP A, SP/IdP B and SP/IdP C form a federation domain (circle of trust). The user has a separate identifier in each domain (A, B, C); identifiers are mapped between the domains, and authentication to one IdP is communicated to the other domains as a security assertion. Legend: service logon; service provision; identifier mapping; authentication to other domains; user identifier issued by IdP X; authentication credential managed by IdP X; identity domain X; security assertion issued by IdP X.]
SAML protocol profile: Browser POST
Security token via the front-end

[Figure: 1. The user's browser requests Service Provider B. 2. The browser is redirected to Identity Provider A (in the same federation circle of trust). 3. IdP A returns the security token to the browser. 4. The browser POSTs the token to SP B.]

SAML protocol profile: Browser Artefact
Security token via the back-end

[Figure: 1. The user's browser requests Service Provider B. 2. The browser is redirected to Identity Provider A. 3. IdP A authenticates the user. 4. IdP A returns an artefact to the browser, which passes it on to SP B. 5. SP B presents the artefact to IdP A over the back-end. 6. IdP A returns the token to SP B. The artefact is a reference used to get the token.]
Federated SSO
• Identity Federation
  – A set of agreements, standards and technologies that enable a group of SPs to recognise user identities, credentials & entitlements from another IdP (Identity Provider) or from other SPs
• Two alternatives:
  1. Centralized Federation: a single user name & credential for accessing all domains, with a centralized IdP and authentication
  2. Distributed Federation: a separate user name & credential for each domain, with mapping between a user's different names in the different domains, and distributed IdPs and authentication.
• Authentication by one IdP or SP is communicated as a security assertion (cryptographic token) to other SPs that trust and accept it
  – Provides SSO in open environments
Federated SSO
• Advantages
  – Improved usability (theoretically)
  – Compatible with silo user-identity domains
  – Allows SPs to bundle services and collect user info
• Disadvantages
  – High technical and legal complexity
  – High trust requirements
    • E.g. SP-A is technically able to access SP-B on the user's behalf
  – Privacy issues
  – Unimaginable for all SPs to federate
    • multiple federated SSOs are not much better than the silo model
OpenID authentication protocol – details

[Figure: browser, OpenID Identity Provider and Service Provider. Registration is done via a back channel.
1. Request access by providing the user's Id-URL (to the SP)
2. Redirect the user to get a token from the IdP
3. Get token from the IdP
4. Post credentials / provide credentials (first time only)
5. Redirect the token to the SP via the browser
6. Forward the token back to the SP
7. Provide service]

OpenID self registration
[Screenshot: registration form; the example user "fred" chooses the password "bad password".]

Service Access Without Password
[Screenshot]

First Time Service Access
[Screenshot]
OpenID Characteristics
• Self registration
• Anybody can be an Identity Provider and server, also you
• Not all Identity Providers are recognised as "authorities"
• An SP can specify which IdPs it accepts
• Not suitable for sensitive services
• Typically for services that only require low authentication assurance
• Vulnerable to multiple forms of abuse
Authentication via Facebook Connect
1. User requests service
2. Redirect to Facebook authentication
3. Present Facebook login form
4. User provides Id + credential
5. Credentials forwarded to Facebook
6. Confirm authenticated user
7. Provide service

[Figure: user, browser, Service Provider and Facebook, with steps 1–7 as above.]
FEIDE (Felles Elektronisk Identitet)
• FEIDE is a system for Id management within the Norwegian national education sector.
• Users register a username and password with their own home organisation
• Users authenticate to web services via FEIDE's centralized login service
• The Service Provider receives user attributes from the user's Home Institution
• The Service Provider never sees the user's password/credential; it only receives the user attributes that it needs to know in order to provide the service.
FEIDE (continued)
• FEIDE has formal agreements with the universities and schools before they are connected
• Home Institutions (universities and schools) are responsible for keeping user data correct and up-to-date
• Service Providers decide themselves which services their own users and other users should be able to access via FEIDE's central log-in service.
FEIDE scenario
1. The user requests access to a service
2. The Service Provider sends an authentication request to FEIDE, and displays the FEIDE login form to the user.
3. The user enters name and password in the FEIDE login form; these are sent for validation to the user's Home Institution.
4. The Home Institution confirms the authentic user and provides user attributes to FEIDE, which forwards these to the SP
5. The Service Provider analyses the user attributes and provides the service according to policy

[Figure: user, Service Provider, FEIDE (Uninett) and Home Institution of User (IdP), with steps 1–5 as above.]
FEIDE technical aspects
• Based on SAML 2.0
• The backend authenticates users by using LDAP
• One central identity provider (IdP) to which the service providers (SPs) are connected
• Single Sign-On when going between services
• Single Log-Out when logging out from a service
Authentication methods: Id Management for Norwegian e-Gov.

[Figure: authentication methods with their authentication assurance level (AAL): MinID (AAL 3), Commfides (AAL 4), Buypass (AAL 4), BankID (AAL 4), SMS PIN (AAL 2), Altinn PIN (AAL 2), Enterprise Id (AAL 4), Self-Identity (AAL 0). These feed ID-porten (DIFI) and Altinn (Brønnøysund register & IdP).
Public services for citizens: Tax, Employment, Education, NAV (Social Security), etc.
Public services for organizations: Tax, VAT (MVA), Company registration, Financial reports, Subsidies, etc.
Politics.]
Introduction to Logical Access Control

[Figure: secret info protected by physical access control (not the theme today) and by logical access control (this lecture).]
Basic concepts
• Access control security models:
  – How to define which subjects can access which objects with which access modes?
• Three classical approaches
  – Discretionary Access Control (DAC)
  – Mandatory Access Control (MAC)
  – Role-Based Access Control (RBAC)
• Advanced approach for distributed environments:
  – Attribute-Based Access Control (ABAC)
    • Generalisation of DAC, MAC and RBAC
Access modes
• Modes of access:
  – Authorizations specify the access permissions of subjects (users) when accessing objects (resources)
    • If you are authorized to access a resource, what are you allowed to do to the resource?
  – Example: possible access permissions include
    • read – observe
    • write – observe and alter
    • execute – neither observe nor alter
    • append – alter
DAC / MAC according to the Orange Book (TCSEC)
TCSEC (1985) specifies two AC security models
• Discretionary AC (DAC)
  – AC policy based on user identities
  – e.g. John has (r,w) access to HR files
• Mandatory AC (MAC)
  – AC policy based on security labels
  – e.g. secret clearance needed for access

[Figure: DAC example: John has r,w on HR files, Mary has r,w on Sales files. MAC example: a file labelled "Secret". Orange Book, 1985.]
DAC – Discretionary Access Control
• Access authorization is specified and enforced based on the identity of the user.
• DAC is typically implemented with ACLs (Access Control Lists)
• DAC is discretionary in the sense that the owner of the resource can decide at his/her discretion who is authorized
• Operating systems using DAC:
  – Windows and Linux
DAC principles
• AC Matrix
  – General list of authorizations
  – Impractical, too many empty cells
• Access Control Lists (ACL)
  – Associated with an object
  – Represent columns from the AC Matrix
  – Tell who can access the object

AC Matrix (rows = subjects, columns = objects):

            O1     O2     O3     O4
  S1        r,w    -      x      r
  S2        r      -      r      r,w
  S3        -      x      -      -
  S4        r,w    x      x      x

AC lists (one column of the matrix per object):
  O1: S1 r,w;  S2 r;    S3 -;  S4 r,w
  O2: S1 -;    S2 -;    S3 x;  S4 x
  O3: S1 x;    S2 r;    S3 -;  S4 x
  O4: S1 r;    S2 r,w;  S3 -;  S4 x
ACL in Unix
• Each file and directory has an associated ACL (in classic Unix a fixed-size one: the permission bits for owner, group and others)
• Three access operations on a file:
  – read: from a file
  – write: to a file
  – execute: a file
• The same bits applied to a directory:
  – read: list the contents of the directory
  – write: create or rename files in the directory
  – execute: search the directory
• Permission bits are grouped in three triples that define read, write, and execute access for owner, group, and others.
• A '-' indicates that the specific access right is not granted.
• rw-r--r-- means: read and write access for the owner, read access for the group, and read access for others (world).
• rwx------ means: read, write, and execute access for the owner, no rights for the group and no rights for others
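An added example, not from the lecture, that turns the mode strings above into a check. `parse_mode`, `to_octal`, `permitted` and `describe` are illustrative names, and the uid/gid values are made up. Besides parsing, `permitted` encodes the rule that matters in practice and that the slide's two examples do not show: the kernel picks one class (owner, else group, else others) and applies only that class's bits, so `rwx---rwx` denies a group member even though everybody else can read.

```python
"""Classic Unix permission bits: parse a 9-character mode string and decide access.

Added example, not from the lecture. The check follows the traditional Unix
rule that the first matching class (owner, then group, then others) decides,
so a more permissive later class never rescues a denied one.
"""

CLASSES = ("owner", "group", "other")

# What the same three bits mean on a directory (from the slide)
DIRECTORY_MEANING = {"r": "list contents", "w": "create/rename entries", "x": "search (traverse)"}


def parse_mode(mode: str) -> dict:
    """'rw-r--r--' -> {'owner': {'r','w'}, 'group': {'r'}, 'other': {'r'}}."""
    if len(mode) != 9:
        raise ValueError("mode string must be 9 characters (three rwx triples)")
    perms = {}
    for cls, start in zip(CLASSES, (0, 3, 6)):
        bits = set()
        for offset, (ch, expected) in enumerate(zip(mode[start:start + 3], "rwx")):
            if ch == expected:
                bits.add(ch)
            elif ch != "-":
                raise ValueError(f"expected {expected!r} or '-' at position {start + offset}")
        perms[cls] = bits
    return perms


def to_octal(mode: str) -> int:
    """'rwxr-x---' -> 0o750, the form chmod(2) takes and ls -l shows symbolically."""
    perms = parse_mode(mode)
    value = 0
    for cls in CLASSES:
        bits = perms[cls]
        value = value * 8 + (4 if "r" in bits else 0) + (2 if "w" in bits else 0) + (1 if "x" in bits else 0)
    return value


def permitted(mode: str, file_uid: int, file_gid: int, uid: int, gids: set, op: str,
              is_dir: bool = False) -> bool:
    """Would a process running as (uid, gids) get op ('r', 'w' or 'x') on the file?"""
    if len(op) != 1 or op not in "rwx":
        raise ValueError("op must be one of r, w, x")
    perms = parse_mode(mode)
    if uid == 0:
        # root bypasses the r/w bits; executing a regular file still needs some x bit set
        return op != "x" or is_dir or any("x" in bits for bits in perms.values())
    if uid == file_uid:
        cls = "owner"           # owner class applies even if group/other bits are wider
    elif file_gid in gids:
        cls = "group"
    else:
        cls = "other"
    return op in perms[cls]


def describe(mode: str, is_dir: bool = False) -> str:
    """Human-readable expansion of a mode string, e.g. when reviewing ls -l output."""
    parts = []
    for cls, bits in parse_mode(mode).items():
        names = [DIRECTORY_MEANING[b] if is_dir else b for b in "rwx" if b in bits]
        parts.append(f"{cls}: {', '.join(names) or 'no rights'}")
    return "; ".join(parts)


if __name__ == "__main__":
    print(describe("rw-r--r--"))
    print(describe("rwx------", is_dir=True))
    print(oct(to_octal("rwxr-x---")))
    # Gotcha: a member of the file's group is denied although 'others' may read
    print(permitted("rwx---rwx", file_uid=1000, file_gid=100, uid=1001, gids={100}, op="r"))
```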
Capabilities
• Focus on the subjects:
  – access rights are stored with the subjects
  – Represent rows of the AC Matrix
• Must be impossible for users to create fake capabilities
• Subjects may grant their own capabilities to other subjects. Subjects may grant the right to grant rights.
• Challenges:
  – How to check who may access a specific object?
  – How to revoke a capability?
• Similar to a SAML security token

AC capabilities (one row of the matrix per subject):
  S1: O1 r,w;  O2 -;  O3 x;  O4 r
  S2: O1 r;    O2 -;  O3 r;  O4 r,w
  S3: O1 -;    O2 x;  O3 -;  O4 -
  S4: O1 r,w;  O2 x;  O3 x;  O4 x
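The matrix above and its two views, as an added example that is not part of the lecture. `MATRIX` is the slide's AC matrix with the '-' cells omitted; `acls`, `capabilities`, `grant`, the extra subject `S5` and the HMAC-tagged token functions are constructed for the illustration. It shows concretely why "who can access O1?" is a single lookup with ACLs but a scan over every subject with capabilities, why revocation is hard once a capability has been delegated, and one standard way to make capabilities unforgeable: a keyed tag the issuing system can verify, which is the same idea a signed SAML assertion relies on.

```python
"""AC matrix from the slides viewed as ACLs (columns) and capabilities (rows).

Added example, not from the lecture. Shows why the two questions on the
Capabilities slide are easy in one representation and awkward in the other,
and uses an HMAC tag so that a capability presented by a subject cannot be
forged or altered.
"""
import hmac
import json
import os

# Constructed from the AC Matrix slide: subjects S1..S4, objects O1..O4.
# Empty cells ('-') are simply absent, which is the point of both views.
MATRIX = {
    "S1": {"O1": {"r", "w"}, "O3": {"x"}, "O4": {"r"}},
    "S2": {"O1": {"r"}, "O3": {"r"}, "O4": {"r", "w"}},
    "S3": {"O2": {"x"}},
    "S4": {"O1": {"r", "w"}, "O2": {"x"}, "O3": {"x"}, "O4": {"x"}},
}


def acls(matrix):
    """Object -> {subject: rights}: one column of the matrix per object."""
    out = {}
    for subj, row in matrix.items():
        for obj, rights in row.items():
            out.setdefault(obj, {})[subj] = set(rights)
    return out


def capabilities(matrix):
    """Subject -> {object: rights}: one row of the matrix per subject."""
    return {subj: {obj: set(r) for obj, r in row.items()} for subj, row in matrix.items()}


def who_can(acl, obj, op):
    """Easy with ACLs: read the object's own list."""
    return sorted(s for s, rights in acl.get(obj, {}).items() if op in rights)


def who_can_caps(caps, obj, op):
    """Awkward with capabilities: every subject's list has to be scanned."""
    return sorted(s for s, row in caps.items() if op in row.get(obj, set()))


def grant(caps, giver, receiver, obj, rights):
    """A subject may pass on (a subset of) a capability it holds."""
    if not set(rights) <= caps.get(giver, {}).get(obj, set()):
        raise PermissionError(f"{giver} cannot grant {sorted(rights)} on {obj}")
    caps.setdefault(receiver, {}).setdefault(obj, set()).update(rights)


def revoke_from_acl(acl, obj, subject):
    """Revocation with ACLs: delete one entry on the object."""
    acl.get(obj, {}).pop(subject, None)


def revoke_from_caps(caps, obj, subject):
    """Revocation with capabilities: copies handed on by delegation survive unless
    the system tracks them, which is the slide's revocation challenge."""
    caps.get(subject, {}).pop(obj, None)


# Unforgeable capabilities: the issuing system keeps a secret key and tags each
# (subject, object, rights) claim; a user without the key cannot mint a valid tag.
def issue_token(key, subject, obj, rights):
    body = json.dumps({"sub": subject, "obj": obj, "rights": sorted(rights)}, sort_keys=True)
    return body, hmac.new(key, body.encode(), "sha256").hexdigest()


def verify_token(key, token, subject, obj, op):
    body, tag = token
    if not hmac.compare_digest(tag, hmac.new(key, body.encode(), "sha256").hexdigest()):
        return False                      # forged or altered
    claim = json.loads(body)
    return claim["sub"] == subject and claim["obj"] == obj and op in claim["rights"]


def demo():
    acl, caps = acls(MATRIX), capabilities(MATRIX)
    readers_acl = who_can(acl, "O1", "r")            # ['S1', 'S2', 'S4']
    readers_caps = who_can_caps(caps, "O1", "r")     # same answer, full scan
    grant(caps, "S1", "S5", "O1", {"r"})             # S1 delegates read on O1 to S5
    revoke_from_caps(caps, "O1", "S1")               # ...but revoking S1 leaves S5's copy
    still_can = who_can_caps(caps, "O1", "r")        # ['S2', 'S4', 'S5']
    key = os.urandom(32)
    token = issue_token(key, "S2", "O4", {"r", "w"})
    forged = (token[0].replace('"S2"', '"S3"'), token[1])   # S3 rewrites the claim
    return (readers_acl, readers_caps, still_can,
            verify_token(key, token, "S2", "O4", "w"), verify_token(key, forged, "S3", "O4", "w"))
```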
MAC – Mandatory Access Control
• Access authorization is specified and enforced with security labels
  – Security clearance for subjects
  – Classification levels for objects
• MAC compares subject and object labels
• MAC is mandatory in the sense that users do not control access to the resources they create.
• A system-wide set of AC policy rules for subjects and objects determines the modes of access
• OS with MAC:
  – SELinux supports MAC
MAC principles: Labels
• Security labels can be assigned to subjects and objects
  – Can be strictly ordered security levels, e.g. "Confidential" or "Secret"
  – Can also be partially ordered categories, e.g. {Sales-dep, HR-dep}
• Dominance relationship between labels
  – (LA ≥ LB) means that label LA dominates label LB
• Object labels are assigned according to sensitivity
• Subject labels are determined by security clearance
• Access control decisions are made by comparing the subject label with the object label according to a specific model
• MAC is typically based on the Bell-LaPadula model (see later)

[Figure: the subject label and the object label are compared, and the access decision is based on the comparison.]
Bell-LaPadula: The classical MAC model
SS-property (Simple Security): No Read Up
• A subject should not be able to read files with a higher label than its own label, because otherwise it could cause unauthorized disclosure of sensitive information.
• So you should only be able to read documents with a label equal to or lower than your security clearance level.
*-Property (Star Property): No Write Down
• Subjects working on information/tasks at a given level should not be allowed to write to a lower level, because otherwise it could create an unauthorized information flow.
• So you should only be able to write to files with a label equal to or higher than your security clearance level.
Bell-LaPadula (MAC model) – SS-Property: No Read Up
[Figure: object labels Top Secret, Secret, Confidential; current subject label Secret. Read is allowed from Secret and Confidential objects, not from Top Secret.]

Bell-LaPadula (MAC model) – *-Property: No Write Down
[Figure: object labels Top Secret, Secret, Confidential; current subject label Secret. Write is allowed to Secret and Top Secret objects, not to Confidential.]
Labels in Bell-LaPadula
• Users have a clearance level LSM (Subject Max level)
• Users log on with a current clearance level LSC (Subject Current level) where LSC ≤ LSM
• Objects have a sensitivity level LO (Object)
• The SS-property allows read access when LSC ≥ LO
• The *-property allows write access when LSC ≤ LO
Bell-LaPadula label relationships

[Figure: a lattice of labels A–I ordered by dominance. Object labels LO; the subject's current label LSC = E; read access is allowed to objects whose label is dominated by E, write access to objects whose label dominates E. The possible values of LSC are those dominated by the subject's max label (clearance) LSM.]
Combined MAC & DAC
• Combining access control approaches:
  – A combination of mandatory and discretionary access control approaches is often used
    • MAC is applied first,
    • DAC is applied second, after a positive MAC decision
    • Access is granted only if both MAC and DAC are positive
  – Combined MAC/DAC ensures that
    • no owner can make sensitive information available to unauthorized users, and
    • 'need to know' can be applied to limit access that would otherwise be granted under mandatory rules
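The label rules of the Bell-LaPadula slides and the MAC-then-DAC ordering above, as an added example that is not lecture code. `Label`, `Subject`, `mac_permits`, `dac_permits` and `access` are illustrative names; the objects, the ACL and the subject `alice` are constructed. Labels combine a strictly ordered level with a category set, so dominance is a partial order: `Secret {HR}` dominates `Confidential {HR}` but not `Secret {Sales}`, which is the case the level-only figures cannot show.

```python
"""Bell-LaPadula labels with categories, and the combined MAC-then-DAC check.

Added example, not from the lecture. Labels are (level, categories) as on the
'MAC principles: Labels' slide; dominance is the partial order used by the
SS- and *-properties. The ACL used for the DAC step is constructed here.
"""
from dataclasses import dataclass

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """LA >= LB: higher-or-equal level AND a superset of the categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def L(level, *cats):
    return Label(level, frozenset(cats))


class Subject:
    def __init__(self, name, clearance: Label):
        self.name = name
        self.lsm = clearance          # Subject Max label (clearance)
        self.lsc = None               # Subject Current label, chosen at logon

    def logon(self, current: Label):
        # A user may log on at any label dominated by the clearance: LSC <= LSM
        if not self.lsm.dominates(current):
            raise PermissionError(f"{self.name}: {current} exceeds clearance {self.lsm}")
        self.lsc = current
        return self


def mac_permits(lsc: Label, lo: Label, op: str) -> bool:
    """SS-property: read only if LSC >= LO.  *-property: write only if LSC <= LO."""
    if op == "read":
        return lsc.dominates(lo)
    if op == "write":
        return lo.dominates(lsc)
    raise ValueError("op must be 'read' or 'write'")


def dac_permits(acl: dict, subject: str, obj: str, op: str) -> bool:
    """DAC step: the owner-maintained ACL must also list the subject ('need to know')."""
    return op in acl.get(obj, {}).get(subject, set())


def access(subject: Subject, obj: str, lo: Label, op: str, acl: dict) -> bool:
    """Combined MAC & DAC: MAC first, DAC only after a positive MAC decision."""
    if subject.lsc is None:
        raise PermissionError("subject is not logged on")
    if not mac_permits(subject.lsc, lo, op):
        return False
    return dac_permits(acl, subject.name, obj, op)


def demo():
    # Constructed objects, their labels, and an owner-maintained ACL
    objects = {
        "hr_salaries": L("Secret", "HR"),
        "hr_policy": L("Confidential", "HR"),
        "sales_forecast": L("Secret", "Sales"),
        "canteen_menu": L("Unclassified"),
        "board_minutes": L("Top Secret", "HR", "Sales"),
    }
    acl = {"hr_salaries": {"alice": {"read", "write"}},
           "canteen_menu": {"alice": {"read"}},
           "board_minutes": {"alice": {"write"}}}
    alice = Subject("alice", L("Secret", "HR")).logon(L("Secret", "HR"))
    return {
        "read_hr_salaries": access(alice, "hr_salaries", objects["hr_salaries"], "read", acl),     # True
        "read_hr_policy": access(alice, "hr_policy", objects["hr_policy"], "read", acl),           # False: MAC ok, no ACL entry
        "read_sales": access(alice, "sales_forecast", objects["sales_forecast"], "read", acl),     # False: category missing
        "write_canteen": access(alice, "canteen_menu", objects["canteen_menu"], "write", acl),     # False: no write down
        "write_board": access(alice, "board_minutes", objects["board_minutes"], "write", acl),     # True: write up allowed
        "read_canteen": access(alice, "canteen_menu", objects["canteen_menu"], "read", acl),       # True
    }
```

Note that `write_board` is permitted: the *-property only stops information from flowing downwards, so a Secret subject may write into a Top Secret object it cannot read back. Bell-LaPadula is a confidentiality model; protecting that object's integrity needs a separate rule.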
RBAC: Role Based Access Control
• A user has access to an object based on the assigned role.
• Roles are defined based on job functions.
• Permissions are defined based on job authority and responsibilities within a job function.
• Operations on an object are invoked based on the permissions.
• The object is concerned with the user's role and not the user.
RBAC flexibility

[Figure: users are assigned to roles (Role 1, Role 2, Role 3), and roles are assigned permissions on resources (File 1, File 2, File 3). Users change frequently, roles don't.]
• RBAC can be configured to do MAC and/or DAC
RBAC privilege principles
• Roles are engineered based on the principle of least privilege.
• A role contains the minimum set of permissions needed to carry out its job function on an object.
• A user is assigned to a role that allows her to perform only what's required for that role.
• All users with the same role have the same permissions.
ABAC and XACML
ABAC = Attribute Based Access Control
• ABAC specifies access authorizations and approves access through policies combined with attributes. The policy rules can apply to any type of attribute (user attributes, resource attributes, context attributes etc.).
• XACML is used to express ABAC attributes and policies.
XACML = eXtensible Access Control Markup Language
• The XACML standard defines a language for expressing access control attributes and policies, implemented in XML, and a processing model describing how to evaluate access requests according to the rules defined in policies.
• XACML attributes are typically structured in ontologies
Attr
ibut
e B
ased
Acc
ess
Con
trol
•A
BA
C m
akes
AC
dec
isio
ns b
ased
on
Boo
lean
con
ditio
ns o
n at
tribu
te v
alue
s.
•Su
bjec
t, O
bjec
t, C
onte
xt, a
nd A
ctio
n co
nsis
t of a
ttrib
utes
–
Sub
ject
attr
ibut
es c
ould
be:
Nam
e, S
ex, D
OB
, Rol
e, e
tc.
–E
ach
attri
bute
s ha
s a
valu
e, e
.g.:
–(N
ame
(sub
ject
) = A
lice)
, (S
ex(s
ubje
ct) =
F),
(Rol
e(su
bjec
t) =
HR
-sta
ff),
(Acc
essT
ype(
actio
n) =
{rea
d, w
rite}
),
(Ow
ner(
obje
ct) =
HR
), (T
ype(
obje
ct) =
sal
ary)
•Th
e A
C lo
gic
anal
yses
all
(attr
ibut
e =
valu
e) tu
ples
that
are
re
quire
d by
the
rele
vant
pol
icy.
–
E.g
. per
mit
if:
[ R
ole(
subj
ect)
= H
R-s
taff)
and
(Acc
essT
ype(
actio
n) =
read
) and
(Ow
ner(
obje
ct) =
HR
) ] a
nd (T
ime(
quer
y) =
offi
ce-h
ours
) ]
50
L09
- Id
Man
& A
C
INF3
510
- UiO
201
4
ABAC Model

[Figure: 1. The subject sends an access action request for an object. 2a–2d. The ABAC functions (AC decision logic and AC enforcement) collect the subject attributes (name, affiliation, clearance, etc.), the object attributes (type, owner, classification, etc.), the context conditions, and the AC policies (Policy 1, Policy 2, Policy 3, governed by a Meta Policy). 3. Access is granted or denied.]
Global consistency
• ABAC systems require an XML terminology to express all possible attributes and their values,
• which must be consistent across the entire domain,
  – e.g. the attribute Role and all its possible values, e.g. (Role(subject) = HR-staff), must be known and interpreted by all systems in the AC security domain.
• Requires standardization:
  – e.g. for access to medical journals, medical terms must be interpreted in a consistent way by all systems
  – current international work on XML of medical terms
• Consistent interpretation of attributes and values is a major challenge for implementing ABAC.
ABAC: + and −
On the positive side:
• ABAC is much more flexible than DAC, MAC or RBAC
  – DAC, MAC and RBAC can be implemented with ABAC
• Can use any type of access policies combined with an unlimited number of attributes
• Suitable for access control in distributed environments
  – e.g. national e-health networks
On the negative side:
• Requires defining business concepts in terms of XML and ontologies, which is much more complex than what is required in traditional DAC, MAC or RBAC systems.
• Political alignment and legal agreements are required for ABAC in distributed environments
Meta-policies in case of inconsistent policies
• Sub-domain authorities define their own policies
• Potential for conflicting policies
  – E.g. two policies dictate different access decisions
• Meta-policy rules are needed in case the ABAC logic detects policy rules that lead to opposite decisions
• The meta-policy takes priority over all other policies, e.g.
  – Meta-policy Deny Overrides: If one policy denies access, but another policy approves access, then access is denied. This is a conservative meta-policy.
  – Meta-policy Approve Overrides: If one policy denies access, but another policy approves access, then access is approved. This is a lenient meta-policy.
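The decision logic of the ABAC slides and the two meta-policies above, as an added example that is not part of the lecture. Policies are Python functions returning the XACML decision values Permit, Deny and NotApplicable; `hr_read_in_office_hours` is the slide's HR rule, and `owner_full_access` and `clearance_required` are constructed to show a DAC rule and a MAC rule written as ABAC policies, as the "ABAC: + and −" slide says is possible. The request `ALICE_READS_SALARY`, the attribute names and the clearance ordering are made up for the illustration.

```python
"""ABAC decision logic with XACML-style policy results and two meta-policies.

Added example, not from the lecture. Attributes are plain dicts, each policy
is a function returning "Permit", "Deny" or "NotApplicable" (the XACML
decision values), and the meta-policy is the rule that combines them.
"""
PERMIT, DENY, NA = "Permit", "Deny", "NotApplicable"


def hr_read_in_office_hours(subject, action, obj, context):
    """The slide's rule: permit if Role=HR-staff and read and Owner=HR and office hours."""
    if (subject.get("Role") == "HR-staff" and action.get("AccessType") == "read"
            and obj.get("Owner") == "HR" and 9 <= context.get("Hour", -1) < 17):
        return PERMIT
    return NA


def owner_full_access(subject, action, obj, context):
    """DAC expressed in ABAC: the object's owner (a subject name) may do anything."""
    return PERMIT if obj.get("Owner") == subject.get("Name") else NA


def clearance_required(subject, action, obj, context):
    """MAC expressed in ABAC: deny if the classification exceeds the clearance."""
    order = {"Public": 0, "Internal": 1, "Confidential": 2, "Secret": 3}
    if order[obj.get("Classification", "Public")] > order[subject.get("Clearance", "Public")]:
        return DENY
    return NA


def evaluate(policies, request):
    """Run every policy over the (subject, action, object, context) attribute tuples."""
    return [p(request["subject"], request["action"], request["object"], request["context"])
            for p in policies]


def deny_overrides(results):
    """Conservative meta-policy: any Deny wins; Permit only if nothing denied."""
    if DENY in results:
        return DENY
    return PERMIT if PERMIT in results else NA


def permit_overrides(results):
    """Lenient meta-policy: any Permit wins."""
    if PERMIT in results:
        return PERMIT
    return DENY if DENY in results else NA


def decide(policies, request, meta_policy=deny_overrides):
    """The enforcement point treats anything but Permit as a denial (default deny)."""
    return meta_policy(evaluate(policies, request)) == PERMIT


POLICIES = [hr_read_in_office_hours, owner_full_access, clearance_required]

# Constructed request: Alice (HR staff, Confidential clearance) reads an HR salary file
ALICE_READS_SALARY = {
    "subject": {"Name": "Alice", "Role": "HR-staff", "Clearance": "Confidential"},
    "action": {"AccessType": "read"},
    "object": {"Type": "salary", "Owner": "HR", "Classification": "Confidential"},
    "context": {"Hour": 10},
}


def demo():
    req = ALICE_READS_SALARY
    in_hours = decide(POLICIES, req)                                    # True
    after_hours = decide(POLICIES, {**req, "context": {"Hour": 20}})    # False: no rule applies
    # Same request against a Secret object: the HR rule permits, the clearance rule denies
    secret = {**req, "object": {**req["object"], "Classification": "Secret"}}
    conflict = evaluate(POLICIES, secret)                               # [Permit, NA, Deny]
    return (in_hours, after_hours, conflict,
            decide(POLICIES, secret, deny_overrides),                   # False
            decide(POLICIES, secret, permit_overrides))                 # True
```

The `conflict` list is exactly the situation the slide describes: two policies from different authorities reach opposite decisions on one request, and only the meta-policy determines the outcome. Note also that a request nobody has written a rule for (`after_hours`) ends as NotApplicable, which the enforcement point must map to deny.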
Web Access Delegation with OAuth
• OAuth: Open Authorization
• OAuth provides a way to grant access to your user data stored on a specific website A to a third-party website B, without needing to provide website B with your authentication credentials for accessing website A. The user authorizes access to their own account.
• It is problematic to reveal the password of a user account on a website (e.g. Gmail) to a 3rd-party Web application (e.g. LinkedIn), because the Web application could take control over the user account on that website.
• OAuth provides a way to authorize a 3rd-party Web application to get limited access to the user account on the user's website.
• OAuth is used extensively in Web 2.0
[Figure: Without OAuth, the password for the user account on the data resource website is revealed to the 3rd-party Web application. BAD. With OAuth, no password is sent to the 3rd-party Web application. GOOD.]
OAuth Message Flow

[Figure: three parties: the user's browser, the 3rd-party Web application, and the data resource website. Messages in order:
– Browser → Web application: GET web app's page
– Web application → Browser: Redirect
– Browser → Data resource website: GET OAuth dialog
– Data resource website → Browser: 302 Redirect
– Browser → Web application: GET web app's callback URL
– Web application → Data resource website: GET /oauth/authorize
– Data resource website → Web application: Access Token
– Web application → Data resource website: GET /me?access_token=...
– Data resource website → Web application: API Response
– Web application → Browser: Render user data in page]
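The message flow in the figure, as an added example that is not part of the lecture: the OAuth 2.0 authorization-code grant (RFC 6749) played out between the three parties in one Python process. `DataResourceWebsite` (authorization server and resource server), `ThirdPartyWebApp`, the URLs, client ids, secrets and the user `alice` are all constructed; redirects are returned as URL strings instead of travelling over HTTP. The checks a practitioner looks for are made explicit: the `state` value bound to the browser session (against CSRF on the callback), the exact `redirect_uri` match, the single-use code, and the access token only ever travelling over the back channel together with the client secret, never through the browser.

```python
"""OAuth 2.0 authorization-code grant (RFC 6749) between the three parties of
the message-flow slide, in one process.

Added example, not from the lecture. Names, URLs, client credentials and the
user profile are constructed; no real HTTP is performed.
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


class DataResourceWebsite:
    """Authorization server + resource server (the site holding the user's data)."""

    def __init__(self):
        self.clients = {}       # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}         # code -> (client_id, user, redirect_uri)
        self.tokens = {}        # access_token -> user
        self.profiles = {"alice": {"name": "Alice", "email": "alice@example.test"}}

    def register_client(self, redirect_uri):
        cid, csec = secrets.token_urlsafe(8), secrets.token_urlsafe(32)
        self.clients[cid] = (csec, redirect_uri)
        return cid, csec

    def authorize(self, query, logged_in_user):
        """GET /oauth/authorize (the OAuth dialog): the user, logged in here, consents."""
        q = {k: v[0] for k, v in parse_qs(query).items()}
        csec, registered = self.clients[q["client_id"]]
        if q["redirect_uri"] != registered:          # never send a code anywhere else
            raise ValueError("redirect_uri mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (q["client_id"], logged_in_user, registered)
        return registered + "?" + urlencode({"code": code, "state": q["state"]})  # 302 Redirect

    def token(self, client_id, client_secret, code, redirect_uri):
        """Back channel: code + client secret -> access token (the slide's 'Access Token')."""
        csec, registered = self.clients[client_id]
        if not secrets.compare_digest(csec, client_secret):
            raise PermissionError("bad client secret")
        issued_to, user, uri = self.codes.pop(code, (None, None, None))   # single use
        if issued_to != client_id or uri != redirect_uri:
            raise PermissionError("invalid or replayed code")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = user
        return tok

    def api_me(self, access_token):
        """GET /me?access_token=...: the protected resource."""
        return self.profiles[self.tokens[access_token]]


class ThirdPartyWebApp:
    def __init__(self, site, callback="https://app.example.test/callback"):
        self.site, self.callback = site, callback
        self.client_id, self.client_secret = site.register_client(callback)
        self.sessions = {}      # browser session id -> expected state

    def start(self, session_id):
        """GET web app's page -> redirect the browser to the OAuth dialog."""
        state = secrets.token_urlsafe(16)           # binds the callback to this session
        self.sessions[session_id] = state
        return "https://data.example.test/oauth/authorize?" + urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.callback, "state": state, "scope": "profile"})

    def callback_hit(self, session_id, url):
        """GET web app's callback URL: verify state, then swap the code for a token."""
        q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        if q.get("state") != self.sessions.pop(session_id, None):
            raise PermissionError("state mismatch: callback not started by this session")
        token = self.site.token(self.client_id, self.client_secret, q["code"], self.callback)
        return self.site.api_me(token)              # rendered into the page; token stays server-side


def demo():
    site = DataResourceWebsite()
    app = ThirdPartyWebApp(site)
    dialog_url = app.start("browser-session-1")
    redirect_back = site.authorize(urlparse(dialog_url).query, logged_in_user="alice")
    profile = app.callback_hit("browser-session-1", redirect_back)
    try:                                            # replaying the callback must fail
        app.callback_hit("browser-session-1", redirect_back)
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return profile, replay_rejected
```

Compare with the figure: the browser only ever carries the dialog request, the 302 redirect and the callback hit; `/oauth/authorize` from the web application, the access token and the `/me` call stay between the two servers, which is why the user's password for the data resource website never reaches the third party.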
OAuth remarks
• Open Web Authorization (OAuth) is developed within the IETF to provide delegated access authorization between Web-based applications.
  – Usage for non-Web based applications has been proposed as well.
• OAuth is a relatively recent technology which is rapidly evolving, and is therefore not well studied from a security perspective.
  – The current version at the time of this lecture is OAuth 2.0 (RFC 6749, 2012); its threat model and security considerations are collected in RFC 6819 (2013).
End of lecture