Spocp@nordunet2003 August 20, 2003 Slide 1 A Middleware Service for Policy Based Authorization Presentation at Nordunet 2003 by Roland Hedberg <[email protected]>

Slide 1

A Middleware Service for Policy Based Authorization

Presentation at Nordunet 2003 by Roland Hedberg <[email protected]>


Slide 2

Why middleware services?

TODAY: The application portfolio of most corporations is a patchwork of independent systems.

FUTURE: To efficiently build and integrate applications using a unified approach and a single platform for application development and integration.


Slide 3

Key benefits of middleware

A common application programming/protocol interface across all platforms

Shields from complexity

Improve controllability, simpler administration

Improve productivity, efficiency and service


Slide 4

Spocp

Simple POlicy Control Pod

Swedish/Norwegian development project

Started 1 June 2002, will run at least until 31 May 2004

Will be used by the NyA and “Ladok på web” services

Will be implemented as the authorization system at Stockholm University


Slide 5

Spocp – key features

Built around a well-defined rule syntax (S-expressions), with no specified semantics

Should be possible to model almost any kind of policy

Allows for the usage of external information services through 'boundary conditions'

Can be placed as 'close' to the application as needed

A positive answer can be accompanied by additional information


Slide 6

Rule basics

Everything that is not explicitly permitted is prohibited

Only positive rules exist

Every rule allows someone to do something

No order between rules

A request is granted if there is a rule in the rule database of which the query is a subset
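As an added illustration of these rule basics (example code written for this transcript, not Spocp's own implementation): a toy matcher with default deny, positive rules only, and no ordering between rules. It assumes a simplified parenthesised S-expression syntax and SPKI-style matching in which a `*` atom in a rule matches any query element and a rule list matches any query list it is a prefix of (the rule being the less specific side); Spocp's sets, ranges, prefixes and boundary conditions are not modelled.

```python
import re
from typing import List, Union

SExpr = Union[str, List["SExpr"]]

def parse(text: str) -> SExpr:
    """Parse a parenthesised, whitespace-separated S-expression.
    Simplified: Spocp's canonical length-prefixed form is not handled."""
    tokens = re.findall(r"\(|\)|[^\s()]+", text)
    pos = 0
    def read() -> SExpr:
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unbalanced S-expression")
        tok = tokens[pos]; pos += 1
        if tok == "(":
            items: List[SExpr] = []
            while pos < len(tokens) and tokens[pos] != ")":
                items.append(read())
            if pos >= len(tokens):
                raise ValueError("missing ')'")
            pos += 1  # consume ")"
            return items
        if tok == ")":
            raise ValueError("unexpected ')'")
        return tok
    expr = read()
    if pos != len(tokens):
        raise ValueError("trailing tokens")
    return expr

def matches(rule: SExpr, query: SExpr) -> bool:
    """True if the query falls within the rule (assumed semantics: '*' in the
    rule matches anything; a rule list must be a prefix of the query list)."""
    if isinstance(rule, str):
        return rule == "*" or (isinstance(query, str) and rule == query)
    if not isinstance(query, list) or len(rule) > len(query):
        return False  # query less specific than the rule: not covered
    return all(matches(r, q) for r, q in zip(rule, query))

def is_granted(rules: List[SExpr], query: SExpr) -> bool:
    """Default deny: granted only if some positive rule covers the query.
    Rules are unordered, so any covering rule suffices."""
    return any(matches(rule, query) for rule in rules)

# Constructed sample rule database (hypothetical, not from the presentation).
RULES = [parse(s) for s in (
    "(spocp (resource ladok grades) (action read) (subject (role teacher)))",
    "(spocp (resource ladok *) (action read) (subject (uid roland)))",
)]

def decide(query_text: str, rules: List[SExpr] = RULES) -> bool:
    return is_granted(rules, parse(query_text))
```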


Slide 7

Lessons learnt so far

So far we have failed to find policies that cannot be translated into S-expressions.

Seems to be fast enough for the applications tested

Technology, as usual, is only part of the game

When the number of policies grows and they are managed in a decentralized way, it is essential to be able to test whether the combined policies really express what they should.

Tools for 'post mortem' analysis are necessary