Implementation of Role-Based Delegation Model/Flat Roles (RBDM0)
Ezedin Barka, College of Information Technology; Alaa Aly, College of Information Technology; Wadhah Kuda imi, College of Information Technology; Kadem Hayawi, College of Information Technology
U.A.E. University, Al-Ain, P.O. Box: 17555, U.A.E.

Abstract

In the information security arena, one of the most interesting and promising techniques proposed is Role-Based Access Control (RBAC). In the last few years, much work has been done in the definition and implementation of RBAC. However, so far the concept of delegation in RBAC has not been studied. The basic idea behind delegation is that some active entity in a system delegates authority to another active entity in order to carry out some functions on behalf of the former. User delegation in RBAC is the ability of one user (called the delegating user) who is a member of the delegated role to authorize another user (called the delegate user) to become a member of the delegated role. This paper extends a series of simple but practically useful models for delegation, described in the literature by Barka and Sandhu [3], and starts the development of a scheme of prototype implementation in order to validate these models. More specifically, this paper reviews the most recent Role-Based Access Control (RBAC) implementations, analyzes the implementation techniques used in other forms of delegation (other than human-to-human delegation), and designs and develops prototype implementations of user-to-user role delegation based on the Role-Based Delegation Models, in flat roles (RBDM0) and in hierarchical roles (RBDM1).

Keywords: Access Control, Temporary Self-Acted "Role" Delegation, Permanent "Role" Delegation, Revocation, RBAC, LDAP, X.509 (Certificate), XML, Authentication, Authorization.

1. INTRODUCTION

In recent years significant work has been done on the role-based access control model, most of which has provided extensions to the model to address areas like constraints and delegations. Barka and Sandhu [3] presented a comprehensive approach to role-based delegation. More specifically, they identified the characteristics related to delegation, which can be used to develop delegation models. They used a systematic approach to reduce a large number of possible cases to smaller sensible ones, and formally defined and developed some delegation models using roles based on those cases.

In this paper, we were motivated by the need to carry this work further and develop a prototype implementation of the role-based delegation models developed by Barka and Sandhu in order to validate these models and to show how they can be implemented in today's corporate networks. To avoid starting from zero, we decided to study several works that have been done in the area of RBAC implementation and use them for our implementation of role-based delegation models [10], [13], [3], [4], [11], etc. We adopted the PERMIS model [13] to start our work. The main idea of the PERMIS model is that a user's role is stored in ACs, access control decisions are driven by an authorization policy, and the authorization policy is also stored in an AC. We have developed a delegation control engine that can make decisions according to a delegation policy. A demo system has also been developed. We emphasize that the scope of our work is to address the authorization of delegation only and not controlling the access (access control decisions are assumed to be addressed by RBAC).

This paper is organized as follows: Section 2 overviews RBAC, RBDM, LDAP, and the PERMIS technologies. Section 3 describes our approach, while Section 4 describes the demo system. Finally, Section 5 summarizes the conclusions and mentions some future work.

CIT - 90 The Sixth Annual U.A.E. University Research Conference
2. Basic Technologies Used

2.1 Role Based Access Control (RBAC)

Role-based access control (RBAC) is well known and recognized as one of the most efficient models for controlling access in large organizations. The RBAC96 model, which was developed by Sandhu et al. [10], is based on three sets of entities called Users (U), Roles (R), and Permissions (P) (see Figure 1). A user (U) is a human being or an autonomous agent. A role (R) is a job title or a job function in the organization with associated semantics concerning responsibility and authority. A permission (P) is a description of the type of authorized interactions a subject can have with one or more objects. Access control policy is embodied in RBAC components such as user-role, role-permission, and role-role relationships. These RBAC components determine whether a particular user is allowed access to a specific piece of system data. A user can be assigned many roles, and a role can be assigned to many users. The many-to-many assignment relation User-Assignment (UA) captures this property. A role can be assigned many permissions, and a permission can be assigned to many roles. The many-to-many assignment relation Permission-Assignment (PA) captures this property.

[Fig. 1: Simplified Version of RBAC96 Model. Diagram labels: U Users, R Roles, P Permissions, UA User Assignment, PA Permission Assignment, RH Role Hierarchy, Constraints]

Definition 1.1: The RBAC96 model has the following components:
1. U, R, P, which are, respectively, the sets of users, roles, and permissions.
2. UA ⊆ U × R, which is a many-to-many User-Assignment relation assigning a user to roles.
3. PA ⊆ P × R, which is a many-to-many Permission-Assignment relation assigning permissions to roles.
4. RH ⊆ R × R, which is a partial order on R called the role hierarchy.

We have omitted the session concept from RBAC96 for simplicity, since it is not relevant to the work in this paper.
2.2 Role-Based Delegation Models (RBDM)

In today's business environment, most organizations have some policies and rules that control these policies. Among these rules is what is known as delegation. The basic idea behind delegation is that some active entity in a system delegates authority to another active entity to carry out some functions on behalf of the former. Delegation in computers can be human-to-human, human-to-machine, machine-to-machine, and perhaps even machine-to-human. Most delegation models in the literature address human-to-machine and machine-to-machine delegation [3]. The focus of the role-based delegation models (RBDMs) is on human-to-human delegation. Specifically, consider the ability of a user who belongs to a certain role to delegate a role ("an authority") to another user who belongs to another role. For example, a professor in a university who is also a member of an advising committee role can delegate his/her membership in the advising committee role to another professor who belongs to another committee role. This delegation can be either permanent or temporary. Moreover, the same professor can delegate only part of his/her professor role (i.e. instructor) to his/her assistant. This delegation can be only temporary.

The RBDM took a comprehensive approach towards analyzing the problem of delegation. It began by identifying a number of characteristics related to delegation between humans, used these characteristics to create an exhaustive combination of possible delegation cases, developed a framework (described in the following sub-section) for building good cases that can be used for developing potential role-based delegation models, and lastly, developed some models, based on this framework, to illustrate how to implement delegation policies based on RBAC [3].
This work involved the investigation and formalization of role-based delegation models using nine different delegation characteristics.

RBDM Framework development approach

In RBDM, the approach to developing a framework for identifying interesting cases that can be used for building role-based delegation models between humans began with the identification of a number of characteristics related to delegation between humans. The identified characteristics comprise permanence, monotonicity, totality, administration, levels of delegation, multiple delegation, lateral agreements, cascading revocation, and grant-dependency revocation. Trying to address every characteristic as mutually exclusive is a formidable task, and it can be very complicated. Therefore, a systematic approach was used in order to reduce the large number of possible cases. These reduced cases, which can be useful in business today, were used later to build delegation models. More definitions and detailed explanations of these terms are provided in [2], [3].

Reduction Approach

Using different combinations of the above characteristics gives a very large number of possible modes in which to perform delegation. Therefore, a systematic approach was pursued in order to reduce this large number of cases into a smaller number of useful ones. The following explains the framework used to identify the useful cases for developing role-based delegation models.

First, we partitioned delegation based on its permanence (permanent or temporary delegation). We believe it is useful to develop delegation models that support the implementation of permanent and temporary delegation policies. We further partitioned both the permanent and temporary delegations. The permanent delegation was partitioned based on its monotonicity, whereas the temporary delegation was partitioned based on its level of delegation. Finally, we partitioned the single-step delegation of the temporary delegation based on its monotonicity.
After the partitioning was done, we added the rest of the characteristics (one at a time) to each node and tested for combinations that are useful in business today and that can be used in developing delegation models. Figure 2 shows the combinations that appear useful in practice. On the permanent side, we could make the claim that there is one clear path that can be followed to develop a delegation model. That path includes the following characteristics: permanent, non-monotonic, self-acted, total, and multi-step delegation. Other characteristics do not have much effect on the model and were therefore ignored. On the temporary side, however, there are a number of possibilities; therefore, we have to make some simplification in order to identify useful combinations and ultimately to allow us to develop one comprehensive model for formulating user-to-user delegation. The simplification is to eliminate multi-step delegation, given that dealing with multi-step delegation is a very complicated issue.
[Fig. 2: Framework for Role-Based Delegation Models]

2.3 Lightweight Directory Access Protocol (LDAP)

User information is often fragmented across the enterprise. This leads to data that are redundant, inconsistent, and expensive to manage. Directories are viewed as one of the best mechanisms to make enterprise information available to multiple different systems within an organization. Directories also make it possible for organizations to access information over the Internet. LDAP is short for Lightweight Directory Access Protocol, a set of protocols for accessing information directories. LDAP is based on the standards contained within the X.500 standard, but is significantly simpler. Unlike X.500, LDAP supports TCP/IP, which is necessary for any type of Internet access. Because it is a simpler version of X.500, LDAP is sometimes called X.500-lite [13].

Although not yet widely implemented, LDAP should eventually make it possible for almost any application running on virtually any computer platform to obtain directory information, such as addresses and public keys. Because LDAP is an open protocol, applications need not worry about the type of server hosting the directory. LDAP has many other advantages, such as quick and advanced search, quick response, easy maintenance, and a hierarchical view of data. In addition, an LDAP server can be used in a large-scale network system over Transmission Control Protocol (TCP) / Internet Protocol (IP) as well as in a distributed system. It can also be used in many other applications [11, 13].
2.4 PERMIS

PERMIS is an authorisation infrastructure from the European Commission (EC) funded PrivilEge and Role Management Infrastructure Standards validation (PERMIS) project [Permis]. The work was done at the Information Security Institute of the University of Salford, UK. Its objective is to implement an X.509 role based Privilege Management Infrastructure (PMI), and it concentrates on solving identification and authorization problems [4], [13].
The PERMIS PMI architecture comprises a privilege allocation subsystem and a privilege verification subsystem. The privilege allocation subsystem is responsible for allocating privileges to the users. The privilege verification subsystem is responsible for authenticating and authorizing the users. PERMIS PMI uses X.509 attribute certificates (ACs) to store the users' roles. All access control decisions are driven by an authorization policy, which is itself stored in an X.509 AC, guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorization policies are written in XML according to a DTD that has been published at XML.org. Authentication is performed in an application-specific manner, but authorization is performed in an application-independent manner according to the PERMIS RBAC authorization policy. In this way one policy can control access to all resources in a domain [4], [13].

3. Implementation

3.1. System Overview

Our delegation system, which is based on the PERMIS RBAC implementation, has been developed in order to facilitate the delegation of permissions from a user who is a member of a certain role to another user who is a member of another role, in order for the latter to do some work on behalf of the former. This is done within the framework of RBAC96, which means that what is being delegated is actually a role, and the authorization for delegation is also role-based. Our system uses X.509 public key certificates (PKCs) and X.509 attribute certificates (ACs) to store the user's roles. The PKCs and ACs are stored in one or more LDAP directories. Authentication is implemented using each user's PKC and AC, and the delegation authorization is implemented using a can-delegate relation, which is written in Java. This can-delegate relation is a function that works on the delegation policies and the subject and role policies expressed in XML.
All access control authorizations are assumed to be handled through RBAC and hence are kept out of the scope of our implementation.

3.2 Delegation system major Components

The basic components of the RBDM system, as depicted in Fig. 3, are:

- Administration tool: This tool, which is part of the PERMIS implementation, is responsible for creating key pairs and their public key certificates; creating a role attribute certificate and assigning it to a user by binding it to the user's public key certificate; inserting an XML format access control policy into a policy attribute certificate and binding it to the Source of Authority's (SOA's) public key certificate; and creating a user entity in an LDAP server in order to manage the user's public key certificates and other information.
- Policy Editor: A PERMIS graphical user interface used to generate an XML file for the RBAC policy. It also includes LDAP entries for subjects, roles, actions and resources.
- Privilege Allocater: Also a PERMIS tool, used for viewing, creating and editing Attribute Certificates based on the X.509 standard and conformant to the ITU-T X.509 Recommendation. The Privilege Allocater takes an XML policy file, produced by the Policy Editor tool, as its input and generates the Attribute Certificates described above [4].
- Delegation Function: This function decides whether a user (say Alice) who belongs to a certain role can delegate his role (say role X) to another user (say Bob) who is a member of another role. In our implementation, user Alice is called the Delegating User, user Bob is called the Delegated User, and role X is called the Delegated Role. The inputs to this function are the LDAP entries for the users and the role, and the output is the decision on whether the delegation is authorized or not based on the RBDM model delegation policy.
- Web Server: This web server is used for user authentication. To request delegation, a user must first connect to this web server via his browser and upload his signature file to the server side for authentication. After passing the authentication process, he can submit his delegation request.
- Access Control Engine: This type of engine is part of all RBAC implementations using PERMIS. It is mentioned here only because our implementation is based on RBAC, and the ultimate goal of our delegation is to allow a delegate user to access some system resource, controlled by some access control engine, on behalf of the delegating user. During runtime the Access Control Engine is the center of all processes: first it authenticates the delegate user with the user's PKC, second it gets the user's ACs, and then it gets the user's roles from his ACs. It then decides whether or not the role has the right to access the target resource according to a policy, and if permission is granted, it accesses the target and returns the result to the user [ITU-T,].
- System Resources: All system data stored on a Web server, data server, file system or some other format of data resource.

[Fig. 3: Overview of the Delegation system. Diagram labels: Policy ACs, Role ACs, Administration Tool, Delegation Function, RBAC Access Control Engine, System Resources, Users, Roles]

3.3 Delegation Protocol

The delegation protocol can be expressed as shown in Figure 4. When a user wants to delegate some right to another user, the following steps/exchanges are executed:

- User authentication: First, through RBAC authentication, the user uploads his signature to some access control engine to be authenticated. Once the user passes the authentication, a session will be set for him if he is a valid user.
- Delegation request: The delegating subject submits a delegation request to a delegation server (message 1). This message contains the delegating user's LDAP entry, the role to be delegated and the delegated user's LDAP entry.
- Verification exchange (message 2): This exchange takes place between the delegation server and some authentication entity within the access control engine. In this exchange, the delegation function passes the delegating user's LDAP DN entry to the authentication entity in order to verify that the user is legitimate.
- Delegation decision (message 4): Once the requesting subject is authenticated (message 3), the server retrieves the delegating user's AC and the delegated user's AC, and checks whether this delegation is permitted against the delegation policy.
- Delegation establishment: The administrator updates the role credentials for the delegated user to include the delegated role. This is done by modifying the AC of the delegated user.
- Access to system resources: Upon the establishment of delegation, the delegated user will be allowed by the Access Control Engine to access the system resource according to the permissions assigned to the newly delegated role.
[Fig. 4: Overview of the Delegation Protocol. Diagram labels: Authentication, Delegation Server, Delegation Policy, Delegating Role, Delegation Target (Delegate) Role, Access Control Engine, Access System Resources; messages: 1. Delegation Request, 2. Authentication exchange, 3. Policy checking, 4. Delegation Decision]

4. Demo System

4.1. Demo System overview

Our delegation demo system was developed in order to illustrate how our delegation models can be implemented in the real world. We use the example of the engineering organization (see Figure 5) to simulate a real world scenario. It is basically an organization with a hierarchical structure. At the bottom are all the employees that belong to the organization, who have access to all of the organization's public resources. At the top is the director, who inherits the access rights of all users in all roles inside the organization. In between there are other roles which have access to system resources depending on their place within the hierarchy. For example, a member of the engineering role (E1) can access (in addition to the public resources) only the resources that are assigned to the (E1) role. A member of the Quality Engineering role can access (in addition to the public information and the resources assigned to E1) the resources assigned to QE1, and so on.
[Fig. 5: An Example Role Hierarchy. Nodes: Director; Project lead 1, Project lead 2; Production Engineer 1 (PE1), Quality Engineer 1 (QE1), Production Engineer 2 (PE2), Quality Engineer 2 (QE2); Engineer 1, Engineer 2; Engineering Department (ED); Employee (E)]

XML Role Hierarchy

The organizational role hierarchy shown in Figure 5 has been represented in an XML file. Each role is assigned a value which is the name of the role. The inter-relationships among the roles in the engineering organization fall into two different classes: Superior Role (SupRole) and Subordinate Role (SubRole). For example, a Director user has a role value of Director and it has a SupRole inter-relationship with ProjectLead1 and ProjectLead2. Notice that the Director is at the top of the role hierarchy, so it has no superior. On the other hand, ProjectLead1 and ProjectLead2 users have role values of ProjectLead1 and ProjectLead2 respectively and a SubRole inter-relationship with the Director. In turn, ProjectLead1 has a SupRole inter-relationship with both ProductionEngineer1 and QualityEngineer1. Also, ProjectLead2 has a SupRole inter-relationship with both ProductionEngineer2 and QualityEngineer2. Another example, opposite to the Director role, is the Employee role, which is at the bottom of the hierarchy and does not have any subordinates. A sample of the XML file is depicted in Figure 6.

<RoleHierarchyPolicy>
  <RoleSpec OID=" " Type="permisRole">
    <SupRole Value="Director">
      <SubRole Value="ProjectLead1"/>
      <SubRole Value="ProjectLead2"/>
    </SupRole>
    <SupRole Value="ProjectLead1">
      <SubRole Value="ProductionEngineer1"/>
      <SubRole Value="QualityEngineer1"/>
    </SupRole>
    <SupRole Value="ProjectLead2">
      <SubRole Value="ProductionEngineer2"/>
      <SubRole Value="QualityEngineer2"/>
    </SupRole>
    <SupRole Value="ProductionEngineer1">
      <SubRole Value="Engineer1"/>
    </SupRole>
    <SupRole Value="ProductionEngineer2">
      <SubRole Value="Engineer2"/>
    </SupRole>
    <SupRole Value="QualityEngineer1">
      <SubRole Value="Engineer1"/>
    </SupRole>
    <SupRole Value="QualityEngineer2">
      <SubRole Value="Engineer2"/>
    </SupRole>
    <SupRole Value="Engineer1">
      <SubRole Value="EngineeringDept"/>
    </SupRole>
    <SupRole Value="Engineer2">
      <SubRole Value="EngineeringDept"/>
    </SupRole>
    <SupRole Value="EngineeringDept">
      <SubRole Value="Employee"/>
    </SupRole>
    <SupRole Value="Employee"/>
  </RoleSpec>
</RoleHierarchyPolicy>

Fig. 6: XML Role Hierarchy

Policy and Users Attribute Certificates

To provide a strong binding between the user's name and its roles, an attribute certificate should be created for each user by the Privilege Allocater tool. In addition, an attribute certificate is created for the whole XML policy to establish a strong binding among the rules for assigning roles to users.

Role Extraction

The graphical user interface of our implementation collects the following data: the delegating user's LDAP DN entry, the delegated user's LDAP DN entry, and the value of the role to be delegated. This data is used by the role extraction function to retrieve the role credentials of each user from his/her attribute certificate. The retrieved role credentials reference a node in the role hierarchy. This is important in making the delegation decision, as explained next.

Delegation policy

The delegation policy used is the RBDM policy (Can-Delegate function) explained in [3]. Now that we have a referenced node for the delegating and delegated users' role credentials, we can test the inter-relationships between them. There are three conditions to check before making the delegation authorization decision:

First Condition: Check whether the delegating role-node is superior to the delegated role-node in the hierarchy. If so, the delegation is authorized. For example, a Director user's request to delegate his/her role to a ProjectLead1 user is authorized.

Second Condition: Check whether the role to be delegated by the delegating user is an original or a delegated role. The delegation is authorized only for original roles. For example, a ProjectLead1 user has his/her own original role (ProjectLead1) and a delegated role (Director). The delegation function will authorize the delegation for the original role (ProjectLead1) and will not authorize it for the delegated role (Director).

Third Condition: Check whether the delegating role-node and the delegated role-node are non-comparable (meaning they are at the same level in the hierarchy), in which case delegation is authorized. For example, a ProjectLead1 user can delegate his/her original role to a ProjectLead2 user. As another example, a QualityEngineer1 user cannot delegate his/her original role to a QualityEngineer2 user because, although they are on the same level, they belong to two different projects.
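The three conditions above, evaluated against the Fig. 6 hierarchy, as an added example; it is not the authors' Java delegation function, which the paper does not show. The `Holder` class, the function names, the assumed `</SupRole>` closing tags, and the reading of "same level, same project" as "non-comparable roles that share a direct superior" are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Fig. 6 hierarchy, re-typed compactly. The </SupRole> closing tags are an
# assumption, and the OID attribute (blank on the page) is left out.
# In the paper the policy arrives inside a signed attribute certificate;
# verifying that signature is out of scope here and assumed already done.
POLICY_XML = """
<RoleHierarchyPolicy><RoleSpec Type="permisRole">
 <SupRole Value="Director"><SubRole Value="ProjectLead1"/><SubRole Value="ProjectLead2"/></SupRole>
 <SupRole Value="ProjectLead1"><SubRole Value="ProductionEngineer1"/><SubRole Value="QualityEngineer1"/></SupRole>
 <SupRole Value="ProjectLead2"><SubRole Value="ProductionEngineer2"/><SubRole Value="QualityEngineer2"/></SupRole>
 <SupRole Value="ProductionEngineer1"><SubRole Value="Engineer1"/></SupRole>
 <SupRole Value="ProductionEngineer2"><SubRole Value="Engineer2"/></SupRole>
 <SupRole Value="QualityEngineer1"><SubRole Value="Engineer1"/></SupRole>
 <SupRole Value="QualityEngineer2"><SubRole Value="Engineer2"/></SupRole>
 <SupRole Value="Engineer1"><SubRole Value="EngineeringDept"/></SupRole>
 <SupRole Value="Engineer2"><SubRole Value="EngineeringDept"/></SupRole>
 <SupRole Value="EngineeringDept"><SubRole Value="Employee"/></SupRole>
 <SupRole Value="Employee"/>
</RoleSpec></RoleHierarchyPolicy>
"""


def load_hierarchy(xml_text):
    """Parse a RoleHierarchyPolicy into {role: set of direct subordinates}."""
    subs = {}
    for sup in ET.fromstring(xml_text.strip()).iter("SupRole"):
        children = subs.setdefault(sup.get("Value"), set())
        for sub in sup.findall("SubRole"):
            children.add(sub.get("Value"))
            subs.setdefault(sub.get("Value"), set())
    return subs


def is_superior(subs, senior, junior):
    """True if `senior` is strictly above `junior`, directly or transitively."""
    stack, seen = list(subs.get(senior, ())), set()
    while stack:
        role = stack.pop()
        if role == junior:
            return True
        if role not in seen:  # `seen` also stops a malformed cyclic policy
            seen.add(role)
            stack.extend(subs.get(role, ()))
    return False


def direct_superiors(subs, role):
    """Roles that list `role` as an immediate SubRole."""
    return {sup for sup, children in subs.items() if role in children}


@dataclass
class Holder:
    """Hypothetical stand-in for role credentials extracted from a user's AC."""
    original: set
    delegated: set = field(default_factory=set)


def can_delegate(subs, delegator, role, delegate_role):
    """Return (authorized, reason) for delegating `role` to a holder of
    `delegate_role`. Anything not explicitly authorized is denied."""
    if role not in subs or delegate_role not in subs:
        return False, "unknown role"
    # Second condition: only original roles may be delegated onward.
    if role not in delegator.original:
        return False, "role is not an original role of the delegating user"
    # First condition: delegating role-node is superior to the delegate's.
    if is_superior(subs, role, delegate_role):
        return True, "delegating role is superior"
    # Third condition: non-comparable roles. "Same level, same project" is
    # modelled (assumption) as sharing at least one direct superior.
    comparable = role == delegate_role or is_superior(subs, delegate_role, role)
    shared = direct_superiors(subs, role) & direct_superiors(subs, delegate_role)
    if not comparable and shared:
        return True, "non-comparable roles under a common superior"
    return False, "no condition authorizes this delegation"


if __name__ == "__main__":
    h = load_hierarchy(POLICY_XML)
    lead1 = Holder(original={"ProjectLead1"}, delegated={"Director"})
    cases = [
        (Holder({"Director"}), "Director", "ProjectLead1"),
        (lead1, "Director", "ProjectLead2"),
        (lead1, "ProjectLead1", "ProjectLead2"),
        (Holder({"QualityEngineer1"}), "QualityEngineer1", "QualityEngineer2"),
    ]
    for holder, role, target in cases:
        print(role, "->", target, can_delegate(h, holder, role, target))
```
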
CONCLUSION

In this paper, we reviewed the most recent Role-Based Access Control (RBAC) implementations, analyzed the implementation techniques used in other forms of delegation, and developed prototype implementations of user-to-user role delegation based on the Role-Based Delegation Model in flat roles (RBDM0) and hierarchical roles (RBDM1). We used the well-known and proven LDAP to store user information. We also developed an authorization function (delegation function), using Java, in order to add some control over our delegation. Through this implementation, we have shown that our role-based delegation models can work in a real world environment. Our future work will include implementing the rest of the RBDM models, and multi-step delegation.

ACKNOWLEDGEMENT

This work was financially supported by the Research Affairs at the UAE University under a contract no /04. The investigator would also like to express his gratitude to the student Waleed Al Ali for his diligent work throughout our project.

REFERENCES

[1] Martin Abadi, Michael Burrows, Butler Lampson and Gordon Plotkin. A Calculus for Access Control in Distributed Systems. ACM Transactions on Programming Languages and Systems, Vol. 15, No 4, September 1993, pages
[2] Ezedin Barka and Ravi Sandhu. A Role-based Delegation Model and Some Extensions. Proceedings of 23rd National Information Systems Security Conference, Pages , Baltimore, Oct , 2000
[3] Ezedin Barka and Ravi Sandhu. Framework for Role-Based Delegation Models. In Proceedings of 16th Annual Computer Security Application Conference, New Orleans, LA, December
[4] D.W. Chadwick, A. Otenko. The PERMIS X.509 role based privilege management infrastructure. Future Generation Computer Systems, Volume 19, Issue 2, February 2003, Pages
[5] David Ferraiolo and Richard Kuhn. Role-based access controls. In Proceedings of 15th NIST-NCSC National Computer Security Conference, pages , Baltimore, MD, October
[6] Morrie Gasser, Ellen McDermott. An Architecture for Practical Delegation in a Distributed System. IEEE Computer Society Symposium on Research in Security and Privacy. Oakland, CA. May 7-9,
[7] B.W. Lampson. Protection. 5th Princeton Symposium on Information Science and Systems. Pages
[8] J.S. Park, R. Sandhu, G. Ahn. Role-based access control on the web. ACM Transactions on Information and System Security, 4 (1) (2001)
[9] Ravi Sandhu and Venkata Bhamidipati. Role-based administration of user-role assignment: The UR97 model and its Oracle implementation. In Proceedings of IFIP WG11.3 Workshop on Data Security. August,
[10] Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-based access control models. IEEE Computer, 29(2):38-47, February
[11] OpenLDAP, the Open Source Lightweight Directory Access Protocol (LDAP),
[12] Rec X.812 (1995) ISO/IEC :1996 Security Frameworks for open systems: Access control framework,
[13] Wei Zhou, Christoph Meinel. Implement Role-Based Access Control with Attribute Certificates. Universität Trier, Mathematik/Informatik, Forschungsbericht 03-03: (2003)
More informationIBM. Security Digital Certificate Manager. IBM i 7.1
IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in
More informationAn Object-Dependent and Context Constraints-Aware Access Control Approach Based on RBAC
An Object-Dependent and Context Constraints-Aware Access Control Approach Based on RBAC Xiaoli Ren, Lu Liu and Chenggong Lv School of Economics & Management, Beihang University, Beijing 100083, P.R. China
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 9594-8 Sixth edition 2008-12-15 Information technology Open Systems Interconnection The Directory: Publickey and attribute certificate frameworks Technologies de l'information
More informationOASIS: Architecture, Model and Management of Policy
OASIS: Architecture, Model and Management of Policy Ken Moody Computer Laboratory, University of Cambridge 1 Overview OASIS : Architecture, Model and Policy 1. background to the research people, projects
More informationIntroduction p. 1 The purpose and fundamentals of access control p. 2 Authorization versus authentication p. 3 Users, subjects, objects, operations,
Preface p. xv Acknowledgments p. xvii Introduction p. 1 The purpose and fundamentals of access control p. 2 Authorization versus authentication p. 3 Users, subjects, objects, operations, and permissions
More informationA Context-sensitive Access Control Model and Prototype Implementation
A Context-sensitive Access Control Model and Prototype Implementation Damian G. Cholewka 1, Reinhardt A. Botha 2, Jan H.P. Eloff 1 1 Rand Afrikaans University, Johannesburg, South Africa 2 Port Elizabeth
More informationModule 4: Access Control
Module 4: Access Control Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University, Jackson, MS 39232 E-mail: natarajan.meghanathan@jsums.edu Access Control In general,
More informationAccess Control for Shared Resources
Access Control for Shared Resources Erik Wilde and Nick Nabholz Computer Engineering and Networks Laboratory (TIK) Swiss Federal Institute of Technology (ETH Zürich) Abstract Access control for shared
More information2002 Journal of Software
1000-9825/2002/13(01)0092-07 2002 Journal of Software Vol13, No1,, (,100871) E-mail {zouwei,sjs,sunyc}@cspkueducn http//wwwpkueducn,,,,, ; ; ; TP311 A, (component-based software development, CBSD) CBSD,,,,
More informationRevocation Schemes for Delegated Authorities
Revocation Schemes for Delegated Authorities Babak Sadighi Firozabadi 1 and Marek Sergot 2 1 Swedish Institute of Computer Science (SICS) babak@sics.se 2 Imperial College of Science, Technology and Medicine
More informationRB-GACA: A RBAC based Grid Access Control Architecture
RB-GACA: A RBAC based Grid Access Control Architecture Weizhong Qiang, Hai Jin, Xuanhua Shi, Deqing Zou, Hao Zhang Cluster and Grid Computing Lab Huazhong University of Science and Technology, Wuhan, 430074,
More informationAccess Control (slides based Ch. 4 Gollmann)
Access Control (slides based Ch. 4 Gollmann) Preliminary Remarks Computer systems and their use have changed over the last three decades. Traditional multi-user systems provide generic services to their
More informationIBM i Version 7.2. Security Digital Certificate Manager IBM
IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationPerformance Evaluation of A Role Based Access Control Constraints in Role Mining Using Cardinality
Performance Evaluation of A Role Based Access Control Constraints in Role Mining Using Cardinality Yogita R. More 1, Dr. S. V. Gumaste 2 PG Scholar, Dept.Of Computer Engineering, GES's R. H. Sapat COE,
More informationSecure Role-Based Access Control on Encrypted Data in Cloud Storage using ARM
Secure Role-Based Access Control on Encrypted Data in Cloud Storage using ARM Rohini Vidhate, V. D. Shinde Abstract With the rapid developments occurring in cloud computing and services, there has been
More informationUNICORE Globus: Interoperability of Grid Infrastructures
UNICORE : Interoperability of Grid Infrastructures Michael Rambadt Philipp Wieder Central Institute for Applied Mathematics (ZAM) Research Centre Juelich D 52425 Juelich, Germany Phone: +49 2461 612057
More informationRole-based administration of user-role assignment: The URA97 model and its Oracle implementation
Journal of Computer Security 7 (1999) 317 342 317 IOS Press Role-based administration of user-role assignment: The URA97 model and its Oracle implementation Ravi Sandhu and Venkata Bhamidipati Laboratory
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationMODIFYING LDAP TO SUPPORT PKI
MODIFYING LDAP TO SUPPORT PKI D.W.Chadwick, E. Ball, M.V. Sahalayev University of Salford Abstract: Key words: One of the impediments to a successful roll out of public key infrastructures (PKIs), is that
More informationRBAC: Motivations. Users: Permissions:
Role-based access control 1 RBAC: Motivations Complexity of security administration For large number of subjects and objects, the number of authorizations can become extremely large For dynamic user population,
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 11: Public Key Infrastructure Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Public key infrastructure Certificates Trust
More informationT-RBAC based Multi-domain Access Control Method in Cloud
T-RBAC based Multi-domain Access Control Method in Cloud Dapeng Xiong, Liang Chen Academy of Equipment,Beijing 101416,China E-mail: xiongdapeng@outlook.com, 252958524@qq.com Received: November 6, 2016
More informationDirector (DIR) Engineer 1 (E1) Engineer 2 (E2) Project 1 Project 2 Engineering Department (ED) Employee (E) Senior Security Officer (SSO)
Proceedings of 3rd ACM Workshop on Role-Based Access Control, Fairfax, Virginia, October 22-23, 1998 Decentralized User-Role Assignment for Web-based Intranets Ravi Sandhu and Joon S. Park Laboratory for
More informationAttribute based Access Control Model for Multi- Mission Data in Space Ground System
Attribute based Access Control Model for Multi- Mission Data in Space Ground System Somdatta Nath somdatta.nath@gd-ms.com 2015 by GDMS. Published by The Aerospace Corporation with permission. Overview
More informationComputer Security 3e. Dieter Gollmann. Chapter 5: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 5: 1 Chapter 5: Access Control Chapter 5: 2 Introduction Access control: who is allowed to do what? Traditionally, who is a person.
More informationA Guanxi Shibboleth based Security Infrastructure for e-social Science
A Guanxi Shibboleth based Security Infrastructure for e-social Science Wei Jie 1 Alistair Young 2 Junaid Arshad 3 June Finch 1 Rob Procter 1 Andy Turner 3 1 University of Manchester, UK 2 UHI Millennium
More informationAdministration of RBAC
Administration of RBAC ISA 767, Secure Electronic Commerce Xinwen Zhang, xzhang6@gmu.edu George Mason University Fall 2005 RBAC 3 : RBAC 0 + RH + Constraints Role Hierarchy (RH) User-Role Assignment (UA)
More informationTrust Services for Electronic Transactions
Trust Services for Electronic Transactions ROUMEN TRIFONOV Faculty of Computer Systems and Control Technical University of Sofia 8 st. Kliment Ohridski bul., 1000 Sofia BULGARIA r_trifonov@tu-sofia.bg
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationTowards Modal Logic Formalization of Role-Based Access Control with Object Classes
Towards Modal Logic Formalization of Role-Based Access Control with Object Classes Junghwa Chae École Polytechnique de Montréal Montréal, Québec, Canada chae@cse.concordia.ca Abstract. This paper addresses
More informationFederated Authentication for E-Infrastructures
Federated Authentication for E-Infrastructures A growing challenge for on-line e-infrastructures is to manage an increasing number of user accounts, ensuring that accounts are only used by their intended
More informationCanada Education Savings Program (CESP) Data Interface Operations and Connectivity
(CESP) Version Number: 7.0 Version Date: November 24, 2016 Version History Version Release Date Description R 1.0 September 30, 1998 Initial version for HRSDC internal reviews. D 2.0 March 15, 1999 Ongoing
More informationThe R BAC96 RBAC96 M odel Model Prof. Ravi Sandhu
The RBAC96 Model Prof. Ravi Sandhu WHAT IS RBAC? multidimensional open ended ranges from simple to sophisticated 2 WHAT IS THE POLICY IN RBAC? LBAC is policy driven: one-directional information flow in
More informationFederated authentication for e-infrastructures
Federated authentication for e-infrastructures 5 September 2014 Federated Authentication for E-Infrastructures Jisc Published under the CC BY 4.0 licence creativecommons.org/licenses/by/4.0/ Contents Introduction
More informationCisco TelePresence Authenticating Cisco VCS Accounts Using LDAP
Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP Deployment Guide Cisco VCS X8.2 D14465.07 June 2014 Contents Introduction 3 Process summary 3 LDAP accessible authentication server configuration
More informationTrustworthiness Based Authorization on WWW
CERIAS Tech Report 2002-08 Trustworthiness Based Authorization on WWW Y. Zong, B. Bhargava, M. Mahoui Center for Education and Research in Information Assurance and Security & Department of Computer Science,
More informationCore Role Based Access Control (RBAC) mechanism for MySQL
Core Role Based Access Control (RBAC) mechanism for MySQL by Ian Molloy Radu Dondera Umang Sharan CS541 Project Report Under the Guidance of Prof. Elisa Bertino With the Department of Computer Science
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 9594-8 Fifth edition 2005-12-15 Information technology Open Systems Interconnection The Directory: Publickey and attribute certificate frameworks Technologies de l'information
More informationAn Approach to XML-Based Administration and Secure Information Flow Analysis on an Object Oriented Role-Based Access Control Model
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 49-61 (2006) An Approach to XML-Based Administration and Secure Information Flow Analysis on an Object Oriented Role-Based Access Control Model CUNGANG
More informationING Corporate PKI G3 Internal Certificate Policy
ING Corporate PKI G3 Internal Certificate Policy Version 1.0 March 2018 ING Corporate PKI Service Centre Final Version 1.0 Document information Commissioned by Additional copies of this document ING Corporate
More informationPolicy Storage for Role-Based Access Control Systems
Policy Storage for Role-Based Access Control Systems András Belokosztolszki, David M. Eyers, Wei Wang, Ken Moody University of Cambridge Computer Laboratory JJ Thomson Avenue, Cambridge, United Kingdom
More informationINHERITANCE PROPERTIES OF ROLE HIERARCHIES. W.A. Jansen National Institute of Standards and Technology Gaithersburg, MD 20899, USA
INHERITANCE PROPERTIES OF ROLE HIERARCHIES W.A. Jansen National Institute of Standards and Technology Gaithersburg, MD 20899, USA wjansen@nist.gov Abstract: Role Based Access Control (RBAC) refers to a
More informationPublic Key Infrastructure
Public Key Infrastructure Ed Crowley Summer 11 1 Topics Public Key Infrastructure Defined PKI Overview PKI Architecture Trust Models Components X.509 Certificates X.500 LDAP 2 Public Key Infrastructure
More informationEfficient Role Based Access Control Method in Wireless Environment
Efficient Role Based Access Control Method in Wireless Environment Song-hwa Chae 1, Wonil Kim 2, and Dong-kyoo Kim 3* 1 1 Graduate School of Information and Communication, Ajou University, Suwon, Korea
More informationFormal Specification for Role Based Access Control User/Role and Role/Role Relationship Management
Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management Serban I. Gavrila VDG Inc. 6009 Brookside Drive Chevy Chase, MD 20815 gavrila@csmes.ncsl.nist.gov John
More informationINTERNATIONAL STANDARD
INTERNATIONAL STANDARD This is a preview - click here to buy the full publication ISO/IEC 9594-8 Eighth edition 2017-05 Information technology Open Systems Interconnection The Directory Part 8: frameworks
More informationDEPLOYING MULTI-TIER APPLICATIONS ACROSS MULTIPLE SECURITY DOMAINS
DEPLOYING MULTI-TIER APPLICATIONS ACROSS MULTIPLE SECURITY DOMAINS Igor Balabine, Arne Koschel IONA Technologies, PLC 2350 Mission College Blvd #1200 Santa Clara, CA 95054 USA {igor.balabine, arne.koschel}
More informationCanada Education Savings Program
Version Number: 5.0 Version Date: August 6, 2007 Version History Version Release Date Description R 1.0 September 30, 1998 Initial version for HRSDC internal reviews. D 2.0 March 15, 1999 Ongoing updates.
More informationDECISION OF THE EUROPEAN CENTRAL BANK
L 74/30 Official Journal of the European Union 16.3.2013 DECISIONS DECISION OF THE EUROPEAN CENTRAL BANK of 11 January 2013 laying down the framework for a public key infrastructure for the European System
More informationAccess Control Part 1 CCM 4350
Access Control Part 1 CCM 4350 Overview of Access Control Lectures Three Lectures on Access Control following D. Gollmann. Computer Security. Wiley: Chapter 4. Part 1: Authorisation and Access Operation
More informationSOA S90-20A. SOA Security Lab. Download Full Version :
SOA S90-20A SOA Security Lab Download Full Version : https://killexams.com/pass4sure/exam-detail/s90-20a protocol. Before invoking Service A, Service Consumer A must request a ticket granting ticket and
More informationScalable, Reliable Marshalling and Organization of Distributed Large Scale Data Onto Enterprise Storage Environments *
Scalable, Reliable Marshalling and Organization of Distributed Large Scale Data Onto Enterprise Storage Environments * Joesph JaJa joseph@ Mike Smorul toaster@ Fritz McCall fmccall@ Yang Wang wpwy@ Institute
More informationDAMAGE DISCOVERY IN DISTRIBUTED DATABASE SYSTEMS
DAMAGE DISCOVERY IN DISTRIBUTED DATABASE SYSTEMS Yanjun Zuo and Brajendra Panda Abstract Damage assessment and recovery in a distributed database system in a post information attack detection scenario
More informationA Framework for Distributed Authorization*
A Framework for Distributed Authorization* (Extended Abstract) Thomas Y.C. Woo Simon S. Lam Department of Computer Sciences The University of Texas at Austin Austin, Texas 78712-1188 1 Introduction Security
More informationSeparation of Duty in Role-Based Access Control Model through Fuzzy Relations
Third International Symposium on Information Assurance and Security Separation of Duty in Role-Based Access Control Model through Fuzzy Relations Hassan Takabi Morteza Amini Rasool Jalili Network Security
More informationITU-T Y Next generation network evolution phase 1 Overview
I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T Y.2340 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (09/2016) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL
More informationTable of Contents. PCI Information Security Policy
PCI Information Security Policy Policy Number: ECOMM-P-002 Effective Date: December, 14, 2016 Version Number: 1.0 Date Last Reviewed: December, 14, 2016 Classification: Business, Finance, and Technology
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationING Public Key Infrastructure Technical Certificate Policy
ING Public Key Infrastructure Technical Certificate Policy Version 5.4 - November 2015 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Document version General Of this document
More informationDetecting and Resolving Conflicts of Mutual-Exclusion and Binding Constraints in a Business Process Context
Detecting and Resolving Conflicts of Mutual-Exclusion and Binding Constraints in a Business Process Context Sigrid Schefer 1, Mark Strembeck 1, Jan Mendling 2, and Anne Baumgrass 1 1 Institute for Information
More informationImpact of Dependency Graph in Software Testing
Impact of Dependency Graph in Software Testing Pardeep Kaur 1, Er. Rupinder Singh 2 1 Computer Science Department, Chandigarh University, Gharuan, Punjab 2 Assistant Professor, Computer Science Department,
More informationControl-M and Payment Card Industry Data Security Standard (PCI DSS)
Control-M and Payment Card Industry Data Security Standard (PCI DSS) White paper PAGE 1 OF 16 Copyright BMC Software, Inc. 2016 Contents Introduction...3 The Need...3 PCI DSS Related to Control-M...4 Control-M
More informationLecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.
Lecture 13 Public Key Distribution (certification) 1 PK-based Needham-Schroeder TTP 1. A, B 4. B, A 2. {PKb, B}SKT B}SKs 5. {PK a, A} SKT SKs A 3. [N a, A] PKb 6. [N a, N b ] PKa B 7. [N b ] PKb Here,
More informationApplying the Semantic Web Layers to Access Control
J. Lopez, A. Mana, J. maria troya, and M. Yague, Applying the Semantic Web Layers to Access Control, IEEE International Workshop on Web Semantics (WebS03), pp. 622-626, 2003. NICS Lab. Publications: https://www.nics.uma.es/publications
More informationIntroduction to SciTokens
Introduction to SciTokens Brian Bockelman, On Behalf of the SciTokens Team https://scitokens.org This material is based upon work supported by the National Science Foundation under Grant No. 1738962. Any
More information2. Methodology. 1. Introduction. Tie-RBAC: An application of RBAC to Social Networks. 2.1 Social Network Analysis
Tie-RBAC: An application of RBAC to Social Networks Antonio Tapiador, Diego Carrera, Joaquín Salvachúa Universidad Politécnica de Madrid Abstract This paper explores the application of role-based access
More informationKeyNote: Trust Management for Public-Key. 180 Park Avenue. Florham Park, NJ USA.
KeyNote: Trust Management for Public-Key Infrastructures Matt Blaze 1 Joan Feigenbaum 1 Angelos D. Keromytis 2 1 AT&T Labs { Research 180 Park Avenue Florham Park, NJ 07932 USA fmab,jfg@research.att.com
More informationA Two-Fold Authentication Mechanism for Network Security
Asian Journal of Engineering and Applied Technology ISSN 2249-068X Vol. 7 No. 2, 2018, pp. 86-90 The Research Publication, www.trp.org.in A Two-Fold for Network Security D. Selvamani 1 and V Selvi 2 1
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCertDigital Certification Services Policy
CertDigital Certification Services Policy Page: 2 ISSUED BY : DEPARTAMENT NAME DATE ELECTRONIC SERVICES COMPARTMENT COMPARTMENT CHIEF 19.03.2011 APPROVED BY : DEPARTMENT NAME DATE MANAGEMENT OF POLICIES
More informationGMO Register User Guide
GMO Register User Guide A. Rana and F. Foscarini Institute for Health and Consumer Protection 2007 EUR 22697 EN The mission of the Institute for Health and Consumer Protection is to provide scientific
More informationWindows Server 2008 Active Directory Resource Kit
Windows Server 2008 Active Directory Resource Kit Stan Reimer, Mike Mulcare, Conan Kezema, Byron Wright w MS AD Team PREVIEW CONTENT This excerpt contains uncorrected manuscript from an upcoming Microsoft
More informationMotorola Mobility Binding Corporate Rules (BCRs)
Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,
More informationPublic Key Establishment
Public Key Establishment Bart Preneel Katholieke Universiteit Leuven February 2007 Thanks to Paul van Oorschot How to establish public keys? point-to-point on a trusted channel mail business card, phone
More informationA SECURE WORKFLOW SYSTEM FOR DYNAMIC COLLABORATION
12 A SECURE WORKFLOW SYSTEM FOR DYNAMIC COLLABORATION Joon S. Park, Myong H. Kang, and Judith N. Froscher Center for High Assurance Computer Systems US Naval Research Laboratory {jpark, mkang, froscher}
More informationACS 5.x: LDAP Server Configuration Example
ACS 5.x: LDAP Server Configuration Example Document ID: 113473 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Directory Service Authentication Using
More informationIntegrating Legacy Authorization Systems into the Grid: A Case Study Leveraging AzMan and ADAM
Integrating Legacy Authorization Systems into the Grid: A Case Study Leveraging AzMan and ADAM Weide Zhang, David Del Vecchio, Glenn Wasson and Marty Humphrey Department of Computer Science, University
More informationConducting a Self-Assessment of a Long-Term Archive for Interdisciplinary Scientific Data as a Trustworthy Digital Repository
Conducting a Self-Assessment of a Long-Term Archive for Interdisciplinary Scientific Data as a Trustworthy Digital Repository Robert R. Downs and Robert S. Chen Center for International Earth Science Information
More informationPublic. Atos Trustcenter. Server Certificates + Codesigning Certificates. Version 1.2
Atos Trustcenter Server Certificates + Codesigning Certificates Version 1.2 20.11.2015 Content 1 Introduction... 3 2 The Atos Trustcenter Portfolio... 3 3 TrustedRoot PKI... 4 3.1 TrustedRoot Hierarchy...
More informationContext-Sensitive Data Security for Business Applications Performance Optimization
Context-Sensitive Data Security for Business Applications Performance Optimization Arjun K Sirohi Oracle USA Inc, Bellevue, WA, USA Arjun.Sirohi@oracle.com Abstract the importance of data security in enterprise
More informationAuthenticating Cisco VCS accounts using LDAP
Authenticating Cisco VCS accounts using LDAP Cisco TelePresence Deployment Guide Cisco VCS X6 D14526.04 February 2011 Contents Contents Document revision history... 3 Introduction... 4 Usage... 4 Cisco
More informationCisco Expressway Authenticating Accounts Using LDAP
Cisco Expressway Authenticating Accounts Using LDAP Deployment Guide Cisco Expressway X8.5 December 2014 Contents Introduction 3 Process summary 3 LDAP accessible authentication server configuration 4
More information