Privileges, a generic model
Note: Please see the new version: https://spaces.at.internet2.edu/pages/editpage.action?pageId=24578236
A Group is a collection of subjects. An example of using a group without using authorization is an email list. A Role is a collection of privileges that is shared by all subjects assigned to the role, which generally describes the subjects' affiliation, job function, or responsibility. A Resource is the part of the system which needs to be protected by authorization, and it represents a noun in a privilege assignment. The Action is the verb of the privilege assignment, which allows a resource to be assigned to a subject in various ways without creating more resources. For example, SubjectA can view (action) the Math department data (resource). A Privilege Assignment associates the subject with the actions they are allowed to perform and the resources they may perform them on. A Limit is a condition on the privilege assignment which must be true at run-time for the privilege assignment to be allowed. Examples of limits are time of day, source IP address, amounts of approvals, etc.
...
Using Paccman terminology, a generic access policy statement P reads
```
P <==> Subject Su in Role Ro can perform Action A on Resource Rs within Scope Sc given the following {Limits L, aka Conditions}
```
Note:
- Subjects can be persons or groups
- Roles, Actions and Resources can inherit <<privileges, (policy statements)?>> from other Roles, Actions and Resources
- Wildcards may be used for Subject, Action, Resource and/or Scope.
- Limits can be expressed as a sequence of atomic predicates "X Rel Verb Y" joined by logical operators, AND, OR, NOT, XOR. Rel defines any relationship where X specifies some attribute value of the elements of the policy expression or
- X Verb Y is an atomic predicate that is either True or False based on
  - The attributes of X
  - Or some environmental/contextual variable,
  - and proposition Y
- The whole Limit expression evaluates to True or False
- A Limit expression that is True results in an Allow decision for the containing policy statement
- A Limit expression that is False results in a Deny decision for the containing policy statement.
Abstract Definitions of Policy Elements:
- At the most abstract level, Access Policy Management, APM, is the creation, modification or deletion of Policy Statements PS from the set of all policy statements being managed.
- Policy Evaluation PEv consists of evaluating the applicable Policy Statement(s) at the time that subject Su attempts to perform Action A on Resource Rs. Policy Decisions, PD, map the boolean result of the Policy Evaluation PEv onto the pair {Allow, Deny}.
- Policy Enforcement, PEf, either allows Su to perform the requested action A on Resource Rs or not based on whether the Policy Decision is Allow or Deny.
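The following is an added example, not code from the original page or from Paccman, showing Policy Evaluation of statements of the form P and the mapping of the result onto Allow or Deny. The tuple encoding of Limits, the verb set, treating an unevaluable Limit as False, and returning Deny when no applicable statement allows the request are assumptions of the example; Role inheritance is not modelled.

```python
import operator
from dataclasses import dataclass
from fnmatch import fnmatchcase
# Verbs for the atomic predicate "X Verb Y" (this set is an assumption).
VERBS = {"==": operator.eq, "<": operator.lt, ">=": operator.ge}

def eval_limit(expr, ctx):
    """Evaluate a Limit tree; KeyError if attribute X is not in ctx."""
    head, *args = expr
    if head == "AND":
        return all(eval_limit(e, ctx) for e in args)
    if head == "OR":
        return any(eval_limit(e, ctx) for e in args)
    if head == "NOT":
        return not eval_limit(args[0], ctx)
    if head == "XOR":
        return eval_limit(args[0], ctx) != eval_limit(args[1], ctx)
    verb, y = args  # atomic predicate (X, Verb, Y)
    return bool(VERBS[verb](ctx[head], y))

@dataclass(frozen=True)
class Statement:  # wildcards allowed in subject, action, resource, scope
    subject: str
    role: str
    action: str
    resource: str
    scope: str
    limit: tuple = ("AND",)  # empty AND is True: no Limit

def applies(st, req):
    return (any(fnmatchcase(s, st.subject) for s in req["subjects"])
            and st.role in req["roles"]
            and all(fnmatchcase(req[k], getattr(st, k))
                    for k in ("action", "resource", "scope")))

def decide(statements, req, ctx):
    """Policy Decision: map the evaluation result onto Allow or Deny."""
    for st in filter(lambda s: applies(s, req), statements):
        try:
            if eval_limit(st.limit, ctx):
                return "Allow"
        except (KeyError, TypeError, ValueError):
            pass  # unevaluable Limit counts as False (assumption)
    return "Deny"  # nothing applicable allowed it (assumption)
# Constructed sample policy and request, not taken from the page.
POLICY = [Statement("group:math-staff", "grader", "view", "math/*", "dept",
    ("AND", ("hour", ">=", 8), ("hour", "<", 18),
     ("NOT", ("src_net", "==", "guest"))))]
REQ = {"subjects": {"alice", "group:math-staff"}, "roles": {"grader"},
       "action": "view", "resource": "math/grades", "scope": "dept"}
```

A request whose context lacks `src_net` is denied even though that attribute sits under NOT, because the missing attribute raises instead of evaluating to False and being inverted.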
...
- Translate the policies implicit in the Paccman Primary Use Case Library (PPUCL) into the terminology of the proposed model
- Assess whether there are elements of those policies that are not expressible in terms of the proposed model
- Assess whether there are elements of the proposed model that do not figure in any of the policies implicit in the PPUCL
...