
Thoughts on Proposal 0.8


mireya

Presentation Transcript


  1. Thoughts on Proposal 0.8 • Like the general approach • Present ideas in three areas • Glossary – we are still not communicating effectively, too much time explaining what we mean vs. constructive debate • Policy Information • Decision Strategies

  2. Glossary Issues • Add “Access Request” • Applicable Policy – all policy is applicable to something. Can only be applicable with respect to a particular request • Need names for • Whole XML document target+rules+post cond • Set of XML documents applying to specified request

  3. Glossary Issues • Classification is unintuitive • Resource attribute • Internal Post Condition – PDP must ensure it occurs, not necessarily precede return of result, e.g. audit trail write behind, via Safe Store • Role definition is completely non-standard • Role is Principal attribute with special semantics (choice of several). Lots of principal attributes are not roles, e.g. Signing limit

  4. Glossary Issues • Target mapping • In policy • May match multiple targets • Target value • In request • Exactly one target • More generally need to distinguish between • Policy formals (ValueRef) • Decision-time actuals (Value)

  5. Where can policy inputs come from? • Authentication act • Session information • Access Request • Attribute Authority • Resource Metadata • Resource Content

  6. Who has this info? • Authentication act – Authentication Authority • Session information – Session Authority • Access Request - PEP • Principal Attributes - Attribute Authority • Resource Metadata – PEP • Resource Content - PEP

  7. Conclusions • The PIP has no useful role • There is no Environment

  8. Example Information • Authentication act • Principal • Date/time • Location • Method • Session information • Principal • Start time • Last Active • Other…

  9. Example Information • Access Request • Requester principal • Receiver principal • Codebase principal • Intermediary principal • Date/time • Location • Resource • Action • Parameters

  10. Example Information • Attribute Authority • Principal Attributes • Resource Metadata • Name • Attributes • Resource Content • Data fields

  11. Conclusions • The same item can appear in different contexts, e.g. date/time, need to distinguish • Within the access request, there can be different principals, need to distinguish • Authentication and Session properties can apply to any of the principals in the request, e.g. method of Authentication used by intermediary principal • Same is true for principal attributes

  12. Decision Strategies • Issue: some policy features constrain the choice of decision strategy, e.g. Global deny prevents incremental evaluation • Features may be required in some environments • Other environments may not wish to forgo optimizations for non-requirement

  13. Suggested Approach • Identify all possible decision strategies (I don’t think there are that many) • If a feature’s use precludes one or more, document the fact • Environments can decide to use or exclude the feature

  14. Decision Strategies • Strategy I - Basic • Collect all applicable policies • Obtain all required inputs • Evaluate all policies • Apply PFR to resolve conflicting results

  15. Decision Strategies • Strategy II - Optimized • Collect all applicable policies • Use PFR to create equivalent combined policy • Evaluate policies incrementally, gathering inputs as needed, defer evaluations based on input requirements (this for example allows "lazy authentication" where authentication is not done if the result can be determined without it) • Once the result is known, stop evaluation

  16. Decision Strategies • Strategy III - Incremental collection • Collect "some" policies • Obtain required inputs • Evaluate current policy set • Use PFR to combine latest results with previous results (if any) • If result is known, stop evaluation • If not all policies have been collected, repeat previous steps
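
Added example (not part of the presentation): a small Python model of Strategy I and Strategy III that records which inputs each one obtains, to show the slide 12 point that a global-deny feature removes the early stop. The policies, input names, the two PFRs ("deny-overrides", "first-applicable") and the default Deny when nothing applies are assumptions made for illustration.

```python
# Added example: policies, input names and both PFRs are illustrative assumptions.
PERMIT, DENY = "Permit", "Deny"

# Constructed policies: (name, inputs needed, rule returning PERMIT/DENY/None).
POLICIES = [
    ("owner-read", ["request.requester", "resource.owner"],
     lambda i: PERMIT if i["request.requester"] == i["resource.owner"] else None),
    ("weak-authn", ["authn.method"],
     lambda i: DENY if i["authn.method"] == "password" else None),
]

# Constructed decision-time actuals, as the various authorities would supply them.
ACTUALS = {"request.requester": "alice", "resource.owner": "alice",
           "authn.method": "password"}

class Inputs:
    """Fetches inputs on demand and records which ones were obtained."""
    def __init__(self):
        self.fetched = []
    def get(self, names):
        for n in names:
            if n not in self.fetched:
                self.fetched.append(n)
        return {n: ACTUALS[n] for n in names}

def known(results, pfr, complete):
    """Return the decision if the PFR already fixes it, else None."""
    if pfr == "deny-overrides":           # a "global deny" style rule
        if DENY in results:
            return DENY
        return (PERMIT if PERMIT in results else DENY) if complete else None
    # "first-applicable": the first policy that yields a result wins
    first = next((r for r in results if r), None)
    return first or (DENY if complete else None)

def strategy_basic(policies, pfr):
    src = Inputs()
    src.get([n for _, needs, _ in policies for n in needs])  # obtain all inputs
    results = [rule(src.get(needs)) for _, needs, rule in policies]
    return known(results, pfr, True), src.fetched

def strategy_incremental(batches, pfr):
    src, results = Inputs(), []
    for k, batch in enumerate(batches):   # collect "some" policies at a time
        results += [rule(src.get(needs)) for _, needs, rule in batch]
        decision = known(results, pfr, k == len(batches) - 1)
        if decision:                      # result known: stop evaluation
            return decision, src.fetched
```

With the first-applicable PFR the incremental strategy stops after the first batch and never asks for `authn.method` (the "lazy authentication" case); with deny-overrides it reaches the same decision as Strategy I only after collecting every policy and every input.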

  17. Questions • Is this approach helpful? • Are there other decision strategies?
