PowerPoint-presentatie - PowerPoint PPT Presentation

Slides: 14
Provided by: Taildr
1
AuthZ WG Conceptual Grid Authorization Framework document
Presentation of Chapter 2
GGF8 Seattle, June 25th 2003
Document AID 222 draft-ggf-authz-framework-20030606.pdf
Leon Gommans, University of Amsterdam
2
  • Chapter 2: Authorization framework concepts
  • The foundation of chapters 2 and 3 is RFC 2903, RFC 2904 and ISO/IEC 10181-3
  • The term authorization may point at:
      • The decision to issue a right
      • The possession of, or a reference to, a right
      • The verification of a right
  • Within the Grid context we recognize 3 basic entities which have (trust) relationships:
      • Subject
      • Resource
      • Authority

[Figure: Typical trust relationships]
GGF 8 - 06/25/03 - AuthZ WG / L.Gommans
4
Subject: Any entity with a certain identity that can request, receive, own, transfer, present or delegate an electronic authorization so as to exercise a certain right. Informally, a subject is any user of a service or resource. The subject may be identified as an individual user or as a member of a group of users. A user may also be a process that acts on behalf of a user and as such assumes some delegated form of identity. The subject may define a set of policies that determine how its authorization is used.
5
Resource: A component of the system that provides or hosts services and enforces access to these services based on a set of rules and policies defined by entities that are authoritative for the particular resource. Typically, in Grid environments, a resource is a computer providing compute cycles or data storage through a set of services it offers.
6
Authority: An administrative entity that is capable of and authoritative for issuing, validating and revoking an electronic means of proof such that the subject and/or owner of the issued electronic means is authorized to exercise a certain right or assert a certain attribute. Right(s) may be implicitly or explicitly present in the electronic proof. A set of policies may determine how authorizations are issued, verified, etc. based on the contractual relationships the Authority has established.
7
  • Different Authority types
  • Commonly used authority types for authorization are:
      • Attribute Authority
      • Policy Authority
  • A Certification Authority (CA) may be used to make an Authorization (certificate) authentic.
8
Authorization is frequently split into three distinct processes:
  1) Definition: a person or organization defining an authorization policy at a high level.
  2) Implementation of the high-level policy into a certain executable form.
  3) Evaluation of the executable policy by a process which subsequently decides to issue a specific authorization to a subject or take a specific action.
The component performing the latter step of computing an authorization decision on behalf of the authorities is sometimes referred to as an Authorization Server.
9
Evaluation sequences according to RFC2904 in new terms
[Figure: three diagrams, each connecting Authority, Subject and Resource with numbered steps 1 to 4: Pull model, Agent model, Push model]
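The pull, agent and push sequences of RFC 2904, written out in the slide's terms (User, AAA server and Service equipment mapped to Subject, Authority and Resource) as an added Python example that is not part of the original presentation. The class and method names, the policy table and the HMAC ticket are assumptions; the key shared by Authority and Resource stands in for their trust relationship.

```python
import hashlib
import hmac
import json

def _mac(key, subject, right):
    # json.dumps gives an unambiguous encoding of the (subject, right) pair
    msg = json.dumps([subject, right]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Authority:
    def __init__(self, key, policy):
        self.key, self.policy = key, policy       # policy: set of (subject, right)

    def decide(self, subject, right):             # evaluation of the executable policy
        return (subject, right) in self.policy

    def issue_ticket(self, subject, right):       # push, steps 1-2: request, ticket returned
        return _mac(self.key, subject, right) if self.decide(subject, right) else None

    def agent_request(self, resource, subject, right):
        # agent: 1 Subject->Authority, 2 Authority->Resource,
        #        3 Resource->Authority, 4 Authority->Subject
        if not self.decide(subject, right):
            return "denied"
        return resource.provision(subject, right)

class Resource:
    def __init__(self, authority, trusted_key):
        self.authority, self.trusted_key = authority, trusted_key

    def provision(self, subject, right):
        return f"{right} granted to {subject}"

    def pull_request(self, subject, right):
        # pull: 1 Subject->Resource, 2 Resource->Authority,
        #       3 Authority->Resource, 4 Resource->Subject
        if not self.authority.decide(subject, right):
            return "denied"
        return self.provision(subject, right)

    def push_request(self, subject, right, ticket):
        # push, steps 3-4: the ticket is verified locally, Authority is not contacted
        expected = _mac(self.trusted_key, subject, right)
        if ticket is None or not hmac.compare_digest(expected, ticket):
            return "denied"
        return self.provision(subject, right)

KEY = b"constructed-demo-key"                     # constructed sample value
authority = Authority(KEY, {("alice", "submit-job")})
resource = Resource(authority, KEY)
```

In the push case the ticket is bound to both the subject and the right, so a ticket issued to one subject is rejected when presented by another or for a different right.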
10
Domain Considerations: In authorization scenarios there are at least two administrative domains.
[Figure: Authority, Subject and Resource shown within a Home domain and a Service domain]
11
Contractual Trust Relationships: One must recognize and understand the contractual relationships involved and map the trust relationships to fully understand the sequences.
[Figure: Authority, Subject and Resource shown within a Home domain and a Service domain, linked by contractual relationships and trust relationships]
13
Thank you! lgommans_at_science.uva.nl