Lesson 3 Chapter 4 Notes Access Control


Session

A mapping between a user and an activated subset of the set of roles to which the user is assigned.

Role

A named job function within the organization that controls this computer system. Typically, associated with each role is a description of the authority and responsibility conferred on this role, and on any user who assumes this role.

Subject attributes

A subject is an active entity (e.g., a user, an application, a process, or a device) that causes information to flow among objects or changes the system state. Each subject has associated attributes that define the identity and characteristics of the subject. Such attributes may include the subject's identifier, name, organization, job title, and so on. A subject's role can also be viewed as an attribute.

Trust framework providers

A trust framework provider is an organization that translates the requirements of policymakers into its own blueprint for a trust framework that it then proceeds to build, doing so in a way that is consistent with the minimum requirements set out in the OITF specification. In almost all cases, there will be a reasonably obvious

Attribute providers (APs)

APs are entities acknowledged by the community of interest as being able to verify given attributes as presented by subjects and which are equipped through the AXN to create conformant attribute credentials according to the rules and agreements of the AXN. Some APs will be sources of authority for certain information; more commonly APs will be brokers of derived attributes.

identity service provider

procure digital identity and credentials, and arrangements with parties that provide end-user services and applications and that are willing to rely on the identity and credential information generated by the identity service provider.

Constraints

provide a means of adapting RBAC to the specifics of administrative and security policies in an organization.

Role hierarchies

provide a means of reflecting the hierarchical structure of roles in an organization. Role hierarchies make use of the concept of inheritance to enable one role to implicitly include access rights associated with a subordinate role.

Cardinality

refers to setting a maximum number with respect to roles. One such constraint is to set a maximum number of users that can be assigned to a given role. A prerequisite role constraint dictates that a user can only be assigned to a particular role if the user is already assigned to some other specified role.

privileges

represent the authorized behavior of a subject; they are defined by an authority and embodied in a policy. Other terms that are commonly used instead of privileges are rights, authorizations, and entitlements.

relying party

requires that the user has been authenticated to some degree of assurance, that the attributes imputed to the user by the identity service provider are accurate, and that the identity service provider is authoritative for those attributes.

capability ticket

specifies authorized objects and operations for a particular user. Each user has a number of tickets and may be authorized to loan or give them to others.

access right

the way in which a subject may access an object.

Identity federation addresses two questions

1) How do you trust identities of individuals from external organizations who need access to your systems?
2) How do you vouch for identities of individuals in your organization when they need to collaborate with external organizations?

ATTRIBUTE-BASED ACCESS CONTROL (ABAC model)

The model has three key elements: attributes, which are defined for entities in a configuration; a policy model, which defines the ABAC policies; and the architecture model, which applies the policies that enforce access control.

Permission

An approval of a particular mode of access to one or more objects. Equivalent terms are access right, privilege, and authorization.

User

An individual that has access to this computer system. Each individual has an associated user ID.

Object attributes

An object, also referred to as a resource, is a passive (in the context of the given request) information system-related entity (e.g., devices, files, records, tables, processes, programs, networks, domains) containing or receiving information. As with subjects, objects have attributes that can be leveraged to make access control decisions. A Microsoft Word document, for example, may have attributes such as title, subject, date, and author. Object attributes can often be extracted from the metadata of the object. In particular, a variety of Web service metadata attributes may be relevant for access control purposes, such as ownership, service taxonomy, or even Quality of Service (QoS) attributes.

Assessors

Assessors evaluate identity service providers and RPs and certify that they are capable of following the OITF provider's blueprint.

Access Control Context

Authentication: Verification that the credentials of a user or other system entity are valid.
Authorization: The granting of a right or permission to a system entity to access a system resource.
Audit: An independent review and examination of system records and activities in order to test for adequacy of system controls.

Attribute-based access control (ABAC)

Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions.

Mandatory access control (MAC)

Controls access based on comparing security labels (which indicate how sensitive or critical system resources are) with security clearances (which indicate system entities are eligible to access certain resources). This policy is termed mandatory because an entity that has clearance to access a resource may not, just by its own volition, enable another entity to access that resource.

Discretionary access control (DAC)

Controls access based on the identity of the requestor and on access rules (authorizations) stating what requestors are (or are not) allowed to do. This policy is termed discretionary because an entity might have access rights that permit the entity, by its own volition, to enable another entity to access some resource.

Role-based access control (RBAC)

Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.

access control lists (ACLs)

For each object, an ACL lists users and their permitted access rights. The ACL may contain a default, or public, entry. This allows users that are not explicitly listed as having special rights to have a default set of rights. The default set of rights should always follow the rule of least privilege or read-only access, whichever is applicable. Elements of the list may include individual users as well as groups of users.

Basic access control systems typically define three classes of subject

Owner: This may be the creator of a resource, such as a file. For system resources, ownership may belong to a system administrator. For project resources, a project administrator or leader may be assigned ownership.
Group: In addition to the privileges assigned to an owner, a named group of users may also be granted access rights, such that membership in the group is sufficient to exercise these access rights. In most schemes, a user may belong to multiple groups.
World: The least amount of access is granted to users who are able to access the system but are not included in the categories owner and group for this resource.

An Access Control Model: To represent the protection state, we extend the universe of objects in the access control matrix to include the following:

Processes: Access rights include the ability to delete a process, stop (block) a process, and wake up a process.
Devices: Access rights include the ability to read/write the device, to control its operation (e.g., a disk seek), and to block/unblock the device for use.
Memory locations or regions: Access rights include the ability to read/write certain regions of memory that are protected such that the default is to disallow access.
Subjects: Access rights with respect to a subject have to do with the ability to grant or delete access rights of that subject to other objects, as explained subsequently.

Access rights could include the following:

Read: User may view information in a system resource (e.g., a file, selected records in a file, selected fields within a record, or some combination). Read access includes the ability to copy or print.
Write: User may add, modify, or delete data in a system resource (e.g., files, records, programs). Write access includes read access.
Execute: User may execute specified programs.
Delete: User may delete certain system resources, such as files or records.
Create: User may create new files, records, or fields.
Search: User may list the files in a directory or otherwise search the directory.

Identity providers (IDPs)

These are entities able to authenticate user credentials and to vouch for the names (or pseudonyms or handles) of subjects, and which are equipped through the AXN or some other compatible Identity and Access Management (IDAM) system to create digital identities that may be used to index user attributes.

Subjects

These are users of an RP's services, including customers, employees, trading partners, and subscribers.

Environment attributes

These attributes have so far been largely ignored in most access control policies. They describe the operational, technical, and even situational environment or context in which the information access occurs. For example, attributes, such as current date and time, the current virus/hacker activities, and the network's security level (e.g., Internet vs. intranet), are not associated with a particular subject nor a resource, but may nonetheless be relevant in applying an access control policy.

Auditors

These entities may be called on to check that parties' practices have been in line with what was agreed for the OITF.

Dispute resolvers

These entities provide arbitration and dispute resolution under OIX guidelines.

Policy management

This element governs what is allowable and unallowable in an access transaction. That is, given the identity and attributes of the requestor, the attributes of the resource or object, and environmental conditions, a policy specifies what actions this user can perform on this object.

Resource management

This element is concerned with defining rules for a resource that requires access control. The rules would include credential requirements and what user attributes, resource attributes, and environmental conditions are required for access of a given resource for a given function.

Privilege management

This element is concerned with establishing and maintaining the entitlement or privilege attributes that comprise an individual's access profile. These attributes represent features of an individual that can be used as the basis for determining access decisions to both physical and logical resources. Privileges are considered attributes that can be linked to a digital identity.

OpenID

This is an open standard that allows users to be authenticated by certain cooperating sites (known as Relying Parties) using a third party service, eliminating the need for Webmasters to provide their own ad hoc systems and allowing users to consolidate their digital identities. Users may create accounts with their preferred OpenID identity providers, then use those accounts as the basis for signing on to any Web site that accepts OpenID authentication.

attributes of their intended users, and must rely upon the various credentials presented to evince those attributes and identities.

access matrix

A discretionary access control scheme is one in which an entity may be granted access rights that permit the entity, by its own volition, to enable another entity to access some resource. A general approach to DAC, as exercised by an operating system or a database management system, is an access matrix.

object

a resource to which access is controlled. In general, an object is an entity used to contain and/or receive information.

policy

a set of rules and relationships that govern allowable behavior within an organization, based on the privileges of subjects and how resources or objects are to be protected under which environment conditions.

subject

an entity capable of accessing objects.

Mutually exclusive roles

are roles such that a user can be assigned to only one role in the set.

user mode

a processor mode in which certain areas of memory are protected from the user's use and in which certain instructions may not be executed.

