August 20, 2003 Slide 1 A Middleware Service for Policy Based Authorization Presentation at Nordunet 2003 by Roland Hedberg.

Presentation transcript:

August 20, 2003 Slide 1 A Middleware Service for Policy Based Authorization Presentation at Nordunet 2003 by Roland Hedberg

August 20, 2003 Slide 2 Why middleware services?
- TODAY: The application portfolio of most corporations is a patchwork of independent systems.
- FUTURE: To efficiently build and integrate applications using a unified approach and a single platform for application development and integration.

August 20, 2003 Slide 3 Key benefits of middleware
- A common application programming/protocol interface across all platforms
- Shields from complexity
- Improve controllability, simpler administration
- Improve productivity, efficiency and service

August 20, 2003 Slide 4 Spocp
- Simple POlicy Control Pod
- Swedish/Norwegian development project
- Started 1 June 2002, will run at least until 31 May 2004
- Will be used by the NyA and “Ladok på web” services
- Will be implemented as the authorization system at Stockholm University

August 20, 2003 Slide 5 Spocp – key features
- Built around a well-defined rule syntax (S-expression), no specified semantics
- Should be possible to model almost any kind of policy
- Allows for the usage of external information services through 'boundary conditions'
- Can be placed as 'close' to the application as needed
- A positive answer can be accompanied by additional information

August 20, 2003 Slide 6 Rule basics
- Everything that is not explicitly permitted is prohibited
- Only positive rules exist
- Every rule allows someone to do something
- No order between rules
- A request is granted if there is a rule in the rule database of which the query is a subset
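
The rule basics on Slide 6, as an added example (not part of the slides and not Spocp's own code): a default-deny check that grants a query only when some positive rule covers it, independent of rule order. The whitespace-separated S-expression syntax, the `covers` ordering standing in for "the query is a subset of a rule", and the sample rules are all assumptions made for illustration.

```python
import re

TOKEN = re.compile(r"\(|\)|[^\s()]+")

def parse(text):
    """Parse a whitespace-separated S-expression into nested Python lists."""
    tokens, pos = TOKEN.findall(text), 0

    def read():
        nonlocal pos
        if pos >= len(tokens) or tokens[pos] == ")":
            raise ValueError("malformed S-expression")
        tok = tokens[pos]
        pos += 1
        if tok != "(":
            return tok                      # atom
        items = []
        while pos < len(tokens) and tokens[pos] != ")":
            items.append(read())
        if pos >= len(tokens) or not items:
            raise ValueError("unterminated or empty list")
        pos += 1                            # consume ")"
        return items

    expr = read()
    if pos != len(tokens):
        raise ValueError("trailing tokens after expression")
    return expr

def covers(rule, query):
    """Assumed ordering: atoms must be equal; a rule list covers a query list
    when each rule element covers the query element at the same position."""
    if isinstance(rule, str) or isinstance(query, str):
        return rule == query
    return len(rule) <= len(query) and all(map(covers, rule, query))

def is_granted(rules, query):
    """Default deny: grant only if some rule covers the query; order is irrelevant."""
    try:
        parsed = parse(query)
    except ValueError:
        return False                        # a malformed query is never granted
    return any(covers(parse(rule), parsed) for rule in rules)

# Constructed sample rules, not taken from a real Spocp rule database.
RULES = [
    "(resource (file etc groups) (action read) (subject (uid 100)))",
    "(resource (file home) (action read))",
]
```

Under this ordering a shorter rule is the more general one, so a query that leaves out the subject is not covered by a rule that names one.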

August 20, 2003 Slide 7 Lessons learnt so far
- So far we have failed to find policies that cannot be translated into S-expressions.
- Seems to be fast enough for the applications tested
- Technology is, as usual, only part of the game
- When the number of policies increases and they are managed in a decentralized way, it is essential that one can test whether the combined policies really express what they should.
- Tools for 'post mortem' analysis are necessary