Comment: Migration of unmigrated content due to installation of a new plugin

Privileges, a generic model

Warning: This is an older version of the Recipe. Please see the new version.

Permalink for this page: https://spaces.at.internet2.edu/pages/editpage.action?pageId=24578236

A Group is a collection of subjects. An example of using a group without using authorization is an email list. A Role is a collection of privileges that is shared by all subjects assigned to the role, which generally describes the subjects' affiliation, job function, or responsibility. A Resource is the part of the system which needs to be protected by authorization, and it represents a noun in a privilege assignment. The Action is the verb of the privilege assignment, which allows a resource to be assigned to a subject in various ways without creating more resources. For example, SubjectA can view (action) the Math department data (resource). A Privilege Assignment associates the subject with the actions and resources that they are allowed to perform. A Limit is a condition on the privilege assignment which must be true at run-time for the privilege assignment to be allowed. Examples of limits are time of day, source IP address, amounts of approvals, etc.

...

Using Paccman terminology, a generic access policy statement P reads

    P <==> Subject Su in Role Ro can perform Action A on Resource Rs within Scope Sc, constrained by the following {Limits L, aka Conditions}

Note:

  • Subjects can be persons or groups
  • Roles, Actions and Resources can inherit <<privileges, (policy statements)?>> from other Roles, Actions and Resources
  • Wildcards may be used for Subject, Action, Resource and/or Scope.
  • Limits can be expressed as a sequence of atomic predicates "X Rel Y" joined by the logical operators AND, OR, NOT, XOR.
  • Rel defines any relationship where X specifies some attribute value of the elements of the policy expression or some environmental/contextual variable, Y is a proposition, and Rel evaluates to T or F for any values of X and Y
  • X Rel Y is an atomic predicate that is either True or False based on
    • The attributes of X
    • Or some environmental/contextual variable,
    • and proposition Y
  • The whole Limit expression evaluates to True or False
  • A Limit expression that is True results in an Allow decision for the containing policy statement
  • A Limit expression that is False results in a Deny decision for the containing policy statement.

Abstract Definitions of Policy Elements:

  • At the most abstract level, Access Policy Management, APM, is the creation, modification or deletion of Policy Statements PS from the set of all policy statements being managed.  
  • Policy Evaluation, PEv, consists of evaluating the applicable Policy Statement(s) at the time that subject Su attempts to perform Action A on Resource Rs. Policy Decisions, PD, map the boolean result of the Policy Evaluation PEv onto the pair {Allow, Deny}, with the Decision being either Allow or Deny.
  • Policy Enforcement, PEf, either allows Su to perform the requested Action A on Resource Rs or not, based on whether the Policy Decision is Allow or Deny.
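
The policy statement P and its Limit expression can be exercised with a small evaluator; the following is an added example, not part of the original recipe or of any Paccman code. The tuple encoding of Limits, the relation set, the request and context field names, the "any applicable statement allows, otherwise Deny" combination rule and the sample policy are all assumptions made for illustration.

```python
import ipaddress
import operator
from dataclasses import dataclass

# Relations allowed as Rel in an atomic predicate (X, Rel, Y); this set is an assumption.
RELS = {"==": operator.eq, "<": operator.lt, ">=": operator.ge,
        "in": lambda x, y: x in y}

def eval_limit(expr, ctx):
    """Evaluate a Limit: atoms (X, Rel, Y) nested under AND / OR / NOT / XOR tuples."""
    op = expr[0]
    if op == "NOT":
        return not eval_limit(expr[1], ctx)
    if op in ("AND", "OR", "XOR"):
        vals = [eval_limit(e, ctx) for e in expr[1:]]
        return {"AND": all(vals), "OR": any(vals), "XOR": sum(vals) % 2 == 1}[op]
    x, rel, y = expr  # atomic predicate: X names an attribute or environment variable
    try:
        return bool(RELS[rel](ctx[x], y))
    except (KeyError, TypeError, AttributeError):
        return False  # unknown attribute/relation or incomparable values: fail closed

@dataclass(frozen=True)
class Statement:
    subject: str   # person or group id; "*" is a wildcard
    role: str
    action: str
    resource: str
    scope: str
    limit: tuple = ("AND",)  # an empty AND is True, i.e. no condition

def decide(statements, req, ctx):
    """Policy Decision: Allow if an applicable statement's Limit is True, else Deny."""
    for s in statements:
        applicable = ((s.subject == "*" or s.subject in req["subject_ids"])
                      and s.role in req["roles"]
                      and s.action in ("*", req["action"])
                      and s.resource in ("*", req["resource"])
                      and s.scope in ("*", req["scope"]))
        if applicable and eval_limit(s.limit, ctx):
            return "Allow"
    return "Deny"

# Constructed sample: a group may view Math department data in office hours from 10.0.0.0/8.
POLICY = [Statement("grp:math-staff", "advisor", "view", "math-dept-data", "*",
    ("AND", ("hour", ">=", 8), ("hour", "<", 18),
            ("source_ip", "in", ipaddress.ip_network("10.0.0.0/8"))))]
REQ = {"subject_ids": ["SubjectA", "grp:math-staff"], "roles": ["advisor"],
       "action": "view", "resource": "math-dept-data", "scope": "fall-term"}
```

Policy Enforcement then consists of the protected application calling `decide` with the run-time context and refusing the action on anything other than "Allow".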

...

  • Translate the policies implicit in the Paccman Primary Use Case Library (PPUCL) into the terminology of the proposed model
  • Assess whether there are elements of those policies that are not expressible in terms of the proposed model
  • Assess whether there are elements of the proposed model that do not figure in any of the policies implicit in the PPUCL

...