![Page 1: Authorization in Trust Management Conditional Delegation and Attribute-Based Role Assignment using XACML and RBAC Brian Garback © Brian Garback 2005.](https://reader031.fdocuments.in/reader031/viewer/2022020319/56649f325503460f94c4f046/html5/thumbnails/1.jpg)
Authorization in Trust Management
Conditional Delegation and Attribute-Based Role Assignment using XACML and RBAC
Brian Garback
© Brian Garback 2005
Authorization in Trust Management
Trust Management System:
– Architecture to maintain privacy and security of medical data
– Control access within and across domains
Authorization
– Policy Definition
– Policy Enforcement

[Figure: trust management architecture. The Hospital Portal presents a SAML ID Token and a Data Request to a Policy Enforcement Filter in front of the Web Services and Data Repository (Medical Record, Medical Imagery and Demographic Web Services over the Medical Data and Demographic Databases). The filter sends an XACML Authorization Request to the SAML Authorization Web Service (Policy Decision Point), which consults the Attribute Service and the XACML Policy Database and returns an XACML Authorization Response.]
Talk Outline
RBAC Introduction
XACML Introduction
XACML Profile for RBAC
Enhancements to RBXACML
– Attribute-Based Role Assignment
– Conditional Delegation of Permission
Role-Based Access Control
[Figure: Users are assigned to Roles, and Roles to Permissions. Roles: Physician, Nurse, Patient, Admin, ... Permissions: Read Medical Record, Write Prescription, Write Medical Record, Read Prescription, ...]
Hierarchical RBAC
[Figure: Users, Roles, Permissions with the roles arranged in a hierarchy so that a senior role inherits the permissions of its junior roles. Roles: Hospital User, Patient, Physician, Orthopedist, Surgeon, ... Permissions: Read Demographics, Read Prescription, Write Prescription, Perform X-Ray, Operate, ...]
XACML from OASIS
XML-based language to specify and enforce authorization policy
XACML 2.0 approved Feb 2005
XACML provides:
– Standard security policy language
– Policy combination
– Conditional context-aware access control
XACML System Design
[Figure: XACML data flow, steps 1–7 in the original. The Policy Administration Point (PAP) supplies Policy to the Policy Decision Point (PDP). An Access Request reaches the Policy Enforcement Point (PEP), which sends an XACML Request to the PDP. The PDP issues Attribute Requests to the Policy Information Point (PIP) for the attributes the policies need, evaluates, and returns an XACML Response to the PEP, which then grants or refuses Resource Access.]
XML Structure
PEP builds the request:
<Request>
  <Subject> <Attribute> <Attribute> <Attribute>
  <Resource> <Attribute> <Attribute> <Attribute>
  <Action> <Attribute> <Attribute> <Attribute>
PAP authors the policies:
<Policy Set> <Policy Set> <Policy Set>
  <Policy> <Policy> <Policy>
    <Target>
      <Subjects> <Resources> <Actions>
    <Rule> <Rule> <Rule>
      <Target>
        <Subjects> <Resources> <Actions>
      <Condition>
        <Apply> <Apply> <Apply>
PDP: COMPARE REQUEST vs. POLICIES
  for all applicable policies
    for all applicable rules
      evaluate condition
    combine rule results
  combine policy results
  return RESULT
<Response>
  <Result>
    <Decision>
    <Status>
XACML Profile for RBAC
Draft v2.0 approved Sept. 2004
Contents:
– Assigning and Enabling Role Attributes
– Core and Hierarchical RBAC implementation
– Access Control
RBXACML Policies
Role Assignment Policy Set (RAPS)
– Enables roles for users
Permission Policy Set (PPS)
– Associates permissions with roles
Role Policy Set (RPS)
– Associates enabled roles with a PPS
Three Employee-Manager Examples
Role Assignment Example
[Figure: subject-id = Seth is assigned role = employee; subject-id = Steve is assigned role = manager.]
Role Assignment <Policy>
  Employee Role <Rule>
    <Target>
      <Subjects> subject-id = Seth || subject-id = Anne
      <Resources> role = employee
      <Actions> action = enableRole
    <Condition> 9h < current-time < 17h
  Manager Role <Rule>
    <Target>
      <Subjects> subject-id = Steve
      <Resources> role = manager
      <Actions> action = enableRole
<Request>
  <Subject> subject-id = Seth
  <Resource> role = employee
  <Action> action-id = enableRole
<Request>
  <Subject> subject-id = Steve
  <Resource> role = manager
  <Action> action-id = enableRole
PDP: <Result> <Decision> Permit
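The PDP loop on the XML Structure slide (applicable policies, applicable rules, condition, rule combining, policy combining) and the Role Assignment example above, as an added, runnable example. This is not code from the deck or from any XACML implementation: it is a minimal Python policy decision point whose policy data re-states the slide (subject-id, role, action-id, current-time) plus one constructed "suspended account" Deny policy to show why the combining algorithm matters. Indeterminate and the Status element are left out.

```python
"""Minimal XACML-style PDP (added example; not code from the deck).

Evaluation order as on the XML Structure slide: for every applicable policy,
for every applicable rule, evaluate the condition, combine rule results into a
policy decision, then combine policy decisions into the final decision.
"""
from dataclasses import dataclass, field
from datetime import time
from typing import Callable, Optional

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# A request is one attribute bag per category: subject, resource, action, environment.
Request = dict
Condition = Callable[[Request], bool]


def target_matches(target: dict, request: Request) -> bool:
    """<Target> semantics: each listed attribute must take one of its allowed
    values (conjunction across attributes, disjunction within one attribute).
    An empty target applies to every request."""
    for category, attrs in target.items():
        bag = request.get(category, {})
        for attr_id, allowed in attrs.items():
            if bag.get(attr_id) not in allowed:
                return False
    return True


# Combining algorithms as in XACML 2.0 (Indeterminate handling omitted).
def deny_overrides(results):
    if DENY in results:
        return DENY
    return PERMIT if PERMIT in results else NOT_APPLICABLE


def permit_overrides(results):
    if PERMIT in results:
        return PERMIT
    return DENY if DENY in results else NOT_APPLICABLE


def first_applicable(results):
    return next((r for r in results if r != NOT_APPLICABLE), NOT_APPLICABLE)


@dataclass
class Rule:
    rule_id: str
    effect: str                              # PERMIT or DENY
    target: dict = field(default_factory=dict)
    condition: Optional[Condition] = None    # <Condition>, checked after the target

    def evaluate(self, request: Request) -> str:
        if not target_matches(self.target, request):
            return NOT_APPLICABLE
        if self.condition is not None and not self.condition(request):
            return NOT_APPLICABLE            # false condition is NotApplicable, not Deny
        return self.effect


@dataclass
class Policy:
    policy_id: str
    children: list                           # Rules, or nested Policy/PolicySet objects
    combine: Callable = deny_overrides
    target: dict = field(default_factory=dict)

    def evaluate(self, request: Request) -> str:
        if not target_matches(self.target, request):
            return NOT_APPLICABLE
        return self.combine([c.evaluate(request) for c in self.children])


PolicySet = Policy   # same evaluation shape; a PolicySet's children are Policies/PolicySets


def business_hours(request: Request) -> bool:   # 9h < current-time < 17h
    return time(9, 0) < request["environment"]["current-time"] < time(17, 0)


def enable_role_target(subjects, role):
    return {"subject": {"subject-id": set(subjects)},
            "resource": {"role": {role}},
            "action": {"action-id": {"enableRole"}}}


ROOT = PolicySet("root", combine=deny_overrides, children=[
    Policy("role-assignment", combine=permit_overrides, children=[
        Rule("employee-role", PERMIT, enable_role_target({"Seth", "Anne"}, "employee"),
             condition=business_hours),
        Rule("manager-role", PERMIT, enable_role_target({"Steve"}, "manager")),
    ]),
    # Constructed addition: a suspended account may never enable a role. With
    # deny-overrides at the root this Deny beats any Permit from role-assignment.
    Policy("account-status", children=[
        Rule("suspended-deny", DENY, {"subject": {"suspended": {"true"}}}),
    ]),
])


def enable_role(subject_id: str, role: str, hour: int, minute: int = 0,
                suspended: bool = False) -> str:
    """Build the enableRole <Request> from the slide and ask the PDP."""
    request = {"subject": {"subject-id": subject_id, "suspended": str(suspended).lower()},
               "resource": {"role": role},
               "action": {"action-id": "enableRole"},
               "environment": {"current-time": time(hour, minute)}}
    return ROOT.evaluate(request)


if __name__ == "__main__":
    print(enable_role("Seth", "employee", 10))                  # Permit
    print(enable_role("Seth", "employee", 18))                  # NotApplicable
    print(enable_role("Steve", "manager", 10, suspended=True))  # Deny
```

Two points a PEP author must not miss: a false <Condition> yields NotApplicable rather than Deny, so the PEP has to treat anything other than Permit as a refusal; and the outcome of a request depends on the combining algorithm at every level, so a Permit in one policy is never final until the root PolicySet has combined it with every other applicable policy.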
Manager Permission Example
[Figure: subject-id = Seth holds role = employee; subject-id = Steve holds role = manager.]
Manager Role <Policy Set>
  <Target>
    <Subjects> role = manager
  <PolicySetIdReference> Manager Permission <PS>
Manager Permission <Policy Set>
  <Policy>
    <Rule> Permission to sign purchase order
      <Target>
        <Resources> resource-id = purchase order
        <Actions> action-id = sign
  <PolicySetIdReference> Employee Permission <PS>
<Request>
  <Subject> subject-id = Steve, role = manager
  <Resource> resource-id = purchase order
  <Action> action-id = sign
PDP: <Result> <Decision> Permit
Hierarchical Permission Example
[Figure: subject-id = Seth holds role = employee; subject-id = Steve holds role = manager.]
Manager Role <Policy Set>
  <Target>
    <Subjects> role = manager
  <PolicySetIdReference> Manager Permission <PS>
Manager Permission <Policy Set>
  <Policy>
    <Rule> Permission to sign purchase order
      <Target>
        <Resources> resource-id = purchase order
        <Actions> action-id = sign
  <PolicySetIdReference> Employee Permission <PS>
Employee Permission <Policy Set>
  <Policy>
    <Rule> Permission to create purchase order
      <Target>
        <Resources> resource-id = purchase order
        <Actions> action-id = create
<Request>
  <Subject> subject-id = Steve, role = manager
  <Resource> resource-id = purchase order
  <Action> action-id = create
PDP: <Result> <Decision> Permit (the manager inherits the employee's create permission through the PolicySetIdReference)
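The RPS/PPS structure of the two permission examples above, as an added example (not code from the deck or from the OASIS profile). It models a Role Policy Set as "enabled role attribute maps to a PPS id", a Permission Policy Set as its own grants plus PolicySetIdReferences to junior-role PPSs, and computes a role's effective permissions by following those references. Policy ids and the purchase-order permissions are constructed from the Manager/Employee slides.

```python
"""RBXACML structure (added example; not the deck's or the OASIS profile's code).

RPS: <Target> role = X, <PolicySetIdReference> to X's PPS.
PPS: <Rule>s granting (resource-id, action-id) pairs, plus references to the
PPSs of junior roles, which is how the profile expresses a role hierarchy.
"""
from dataclasses import dataclass

PERMIT, NOT_APPLICABLE = "Permit", "NotApplicable"


@dataclass(frozen=True)
class Permission:
    resource_id: str
    action_id: str


@dataclass(frozen=True)
class PermissionPolicySet:
    pps_id: str
    grants: frozenset        # permissions from this PPS's own <Rule>s
    references: tuple = ()   # <PolicySetIdReference>s to junior-role PPSs


@dataclass(frozen=True)
class RolePolicySet:
    rps_id: str
    role: str                # <Target> <Subjects> role = ...
    pps_ref: str             # <PolicySetIdReference> to the role's PPS


PPS = {
    "PPS:employee": PermissionPolicySet(
        "PPS:employee", frozenset({Permission("purchase order", "create")})),
    "PPS:manager": PermissionPolicySet(
        "PPS:manager", frozenset({Permission("purchase order", "sign")}),
        references=("PPS:employee",)),
}
# Only RPSs are reachable from the PDP's top-level policy. A PPS must never be
# addressable by a request directly, or a subject without the role gets its grants.
RPS = {
    "employee": RolePolicySet("RPS:employee", "employee", "PPS:employee"),
    "manager": RolePolicySet("RPS:manager", "manager", "PPS:manager"),
}


def effective_permissions(pps_id: str, table: dict = PPS, seen: set = None) -> frozenset:
    """Grants of a PPS plus everything reachable through its PolicySetIdReferences.
    The visited set makes a reference cycle (A -> B -> A) terminate instead of
    recursing forever, which a naive reference-chasing PDP would do."""
    seen = set() if seen is None else seen
    if pps_id in seen or pps_id not in table:
        return frozenset()
    seen.add(pps_id)
    pps = table[pps_id]
    perms = set(pps.grants)
    for ref in pps.references:
        perms |= effective_permissions(ref, table, seen)
    return frozenset(perms)


def role_permissions(role: str) -> frozenset:
    return effective_permissions(RPS[role].pps_ref) if role in RPS else frozenset()


def decide(enabled_roles, resource_id: str, action_id: str) -> str:
    """PDP view of an access request whose subject carries its enabled role
    attribute(s): Permit if any enabled role's PPS closure holds the permission."""
    wanted = Permission(resource_id, action_id)
    for role in enabled_roles:
        if wanted in role_permissions(role):
            return PERMIT
    return NOT_APPLICABLE


def junior_roles() -> dict:
    """Recover the hierarchy implied by PPS references. This is the deck's
    criticism: the hierarchy is only visible by chasing PPS references, it is
    not declared on the roles themselves."""
    role_of_pps = {r.pps_ref: r.role for r in RPS.values()}
    return {r.role: sorted(role_of_pps[ref] for ref in PPS[r.pps_ref].references
                           if ref in role_of_pps)
            for r in RPS.values()}


if __name__ == "__main__":
    print(decide({"manager"}, "purchase order", "create"))  # Permit, inherited from employee
    print(decide({"employee"}, "purchase order", "sign"))   # NotApplicable
    print(junior_roles())                                    # {'employee': [], 'manager': ['employee']}
```

The request carries the subject's role attribute, so the RPS is only as trustworthy as the role-assignment step that set it (the RAPS on the previous slide); the PEP must obtain that attribute from the PDP's enableRole decision, never from the caller.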
RBXACML Takeaways
Implementation of RBAC using XACML
– Organized into RAPS, PPS, and RPS
Shortcomings:
– Hierarchy created through PPS references, not at role level
– Lacks a clear role assignment specification
– No mention of permission delegation
RBXACML Enhancements
Goals:
– More rigorously define role assignments: assign roles to users based on sets of user attributes
– Support delegation: allow control for administrator and delegator over delegated permissions
Attribute-Based Role Assignment
Original RBAC: Physician if subject-id = 5
ABRA: Physician if holds physician role in highly-trusted remote domain
XACML for ABRA
Every Role has one RAP
RAPS = { RAPs }
RAP = { enabling rules }
Role Assignment <Policy Set>
  ⋮
  Physician Role Assignment <Policy>
    Enabling <Rule> for Remote Physicians
      <Target>
        <Subject> physician ∈ remote-roles && issuer ∈ highly-trusted-domains
    Enabling <Rule> for Subject #5
      <Target>
        <Subject> subject-id = 5
  Patient Role Assignment <Policy>
  ⋮
Why Delegation?
Delegation: one giving a portion of its authority to another
Motivating examples:
– Physician to Physician: attending permissions to a patient while on leave
– Physician to Medical Student: permission to read a patient's record
Constraining Delegation
Constrain delegation by specifying:
– which permissions are delegatable (a subset may be specified)
– how permissions can be delegated
  Delegation condition: fulfilled by the delegator before he can delegate a role
  Delegatee enabling condition: fulfilled by the delegatee before a role is enabled for him
Manifested as rules in a permission policy
Physician to Medical Student
Permission <Policy Set>
  Physician Permission <Policy>
    <Rule> Permission to read a patient record
      <Target>
        <Resource> resource-id = patient record
        <Action> action-id = read
    <Rule> Delegate – Permission to read a record
      <Target>
        <Resource> resource-id = Perm to read...
        <Action> action-id = delegate
      Delegation <Condition> if used fingerprint
    <Rule> Enabling Cond – Perm to read a record
      <Target>
        <Resource> resource-id = Perm to read...
      Enabling <Condition> if student && advisor = delegator
  Delegated Physician Permission <Policy> (result of the delegation)
    <Rule> Permission to read a patient record
      <Target>
        <Resource> resource-id = patient record
        <Action> action-id = read
      <Condition> if patient-id = 10
Role Assignment <Policy Set>
  ⋮
  Physician Role Assignment <Policy> ⋮
  Delegated Physician Role Assignment <Policy> (result of the delegation)
    Enabling <Rule> for Subject #4
      <Target>
        <Subject> subject-id = 4
      Enabling <Condition> if student && advisor = delegator
<Request> (physician #5 delegates the read permission)
  <Subject> subject-id = 5, role = physician, login = fingerprint
  <Resource> resource-id = Perm to read...
  <Action> action-id = delegate
PDP: <Result> <Decision> Permit
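The ABRA enabling rules (XACML for ABRA slide) and the physician-to-student delegation above, as an added example; this is not code from the deck. Roles are enabled from attribute predicates instead of subject-id lists; a delegation is permitted only if the Delegation Condition holds for the delegator, and the delegated read is permitted only while the Delegatee Enabling Condition holds and the request lies inside the delegation's scope (patient-id = 10). Attribute names follow the slides; the trusted remote domain, the subjects and the ledger that stands in for the generated Delegated Physician policies are constructed.

```python
"""ABRA enabling rules and conditional delegation (added example, not the deck's code).
Roles are enabled from attribute expressions; a delegation is permitted only when the
Delegation Condition holds for the delegator, and the delegated role is enabled only
while the Delegatee Enabling Condition holds. Attribute names follow the slides;
the trusted domain and the subjects are constructed."""
from dataclasses import dataclass
from typing import Callable

PERMIT, DENY = "Permit", "Deny"   # closed world: the PEP denies anything but Permit
HIGHLY_TRUSTED_DOMAINS = {"partner-hospital.example"}   # constructed


@dataclass
class Subject:
    subject_id: str
    attrs: dict


@dataclass(frozen=True)
class Permission:
    resource_id: str
    action_id: str


# ABRA: a Role Assignment Policy is a set of enabling rules over subject attributes.
def remote_physician(s: Subject) -> bool:
    return ("physician" in s.attrs.get("remote-roles", ())
            and s.attrs.get("issuer") in HIGHLY_TRUSTED_DOMAINS)


RAPS = {"physician": [remote_physician, lambda s: s.subject_id == "5"]}


def enabled_roles(s: Subject) -> set:
    return {role for role, rules in RAPS.items() if any(r(s) for r in rules)}


# Delegation rules, as they would sit in the Physician Permission <Policy>.
@dataclass(frozen=True)
class DelegationRule:
    permission: Permission
    delegation_condition: Callable[[Subject], bool]          # on the delegator
    enabling_condition: Callable[[Subject, Subject], bool]   # (delegatee, delegator)


READ_RECORD = Permission("patient record", "read")
PHYSICIAN_DELEGATABLE = {
    READ_RECORD: DelegationRule(
        READ_RECORD,
        delegation_condition=lambda d: d.attrs.get("login") == "fingerprint",
        enabling_condition=lambda de, dr: (de.attrs.get("student") is True
                                           and de.attrs.get("advisor") == dr.subject_id)),
}


@dataclass(frozen=True)
class Delegation:
    delegator: str
    delegatee: str
    permission: Permission
    scope: tuple   # narrowing <Condition> of the delegated rule, e.g. patient-id = 10


def delegate(delegator, delegatee, perm, scope, ledger) -> str:
    """<Action> delegate on <Resource> 'Perm to read...'. The delegator must hold the
    role, the permission must be delegatable and the Delegation Condition must hold;
    on Permit the Delegated Physician policy is recorded as a ledger entry."""
    rule = PHYSICIAN_DELEGATABLE.get(perm)
    if "physician" not in enabled_roles(delegator) or rule is None:
        return DENY
    if not rule.delegation_condition(delegator):
        return DENY
    ledger.append(Delegation(delegator.subject_id, delegatee.subject_id, perm,
                             tuple(sorted(scope.items()))))
    return PERMIT


def delegated_access(delegatee, subjects, perm, ctx, ledger) -> str:
    """Access request by the delegatee, re-checked on every use: the delegator must
    still hold the role (authority lost upstream is lost downstream), the Delegatee
    Enabling Condition must hold now, and the request must lie inside the scope."""
    for d in ledger:
        if d.delegatee != delegatee.subject_id or d.permission != perm:
            continue
        delegator = subjects[d.delegator]
        if "physician" not in enabled_roles(delegator):
            continue
        if not PHYSICIAN_DELEGATABLE[perm].enabling_condition(delegatee, delegator):
            continue
        if all(ctx.get(k) == v for k, v in d.scope):
            return PERMIT
    return DENY


# Constructed subjects: physician #5 logged in by fingerprint, student #4 advised by #5.
SUBJECTS = {"5": Subject("5", {"login": "fingerprint"}),
            "4": Subject("4", {"student": True, "advisor": "5"})}


def run_scenario() -> tuple:
    ledger = []
    granted = delegate(SUBJECTS["5"], SUBJECTS["4"], READ_RECORD, {"patient-id": "10"}, ledger)
    in_scope = delegated_access(SUBJECTS["4"], SUBJECTS, READ_RECORD, {"patient-id": "10"}, ledger)
    other = delegated_access(SUBJECTS["4"], SUBJECTS, READ_RECORD, {"patient-id": "11"}, ledger)
    return granted, in_scope, other


if __name__ == "__main__":
    print(run_scenario())   # ('Permit', 'Permit', 'Deny')
```

Evaluating both conditions again at access time, rather than only when the delegation is created, is what keeps the delegated permission bounded: a student who changes advisor, or a remote physician whose issuing domain drops off the trusted list, loses the delegated read without any explicit revocation step.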
Summary of Topics
RBAC: roles map users to permissions (e.g. Physician – Read Prescription)
XACML: authorization policy language
RBXACML: combines both technologies
Enhancements:
– ABRA: roles to user attribute expressions (e.g. Physician if holds physician role in highly-trusted remote domain)
– Conditional Delegation: Delegation Condition, Delegatee Enabling Condition