Model-Driven Design and Administration of Access Control in Enterprise Applications - PowerPoint PPT Presentation

Slides: 15
Provided by: Aleksey2

Transcript and Presenter's Notes

1
Model-Driven Design and Administration of Access
Control in Enterprise Applications
  • April 2005

2

Access Control in Enterprise Applications
  • Serves as façade for external authentication,
    single sign on, naming and identity services,
    user directories
  • Managing access control is the key requirement;
    a role-based model (RBAC) is the natural choice
  • Multiple points for permission checks: user
    interface, middleware, data access
  • Data filtering based on access control policy
  • Conditional and domain-related policies are
    common: only dedicated agents may access
    sensitive accounts
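
The points on this slide, as an added example that is not part of the presentation: one policy table consulted by both a permission check and a data filter, so the conditional rule about sensitive accounts is enforced the same way at every tier. The role names, the `Account` type and all function names are assumptions, and the code is hand-written Python rather than output generated from UML models.

```python
from dataclasses import dataclass

# Constructed policy model (assumption): role -> permitted (resource type, action).
ROLE_PERMISSIONS = {
    "agent": {("account", "read")},
    "dedicated_agent": {("account", "read"), ("account", "update")},
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

@dataclass(frozen=True)
class Account:
    number: str
    sensitive: bool = False

def sensitive_needs_dedicated(user, account):
    """Conditional, domain-related rule: only dedicated agents may access sensitive accounts."""
    return not account.sensitive or "dedicated_agent" in user.roles

# Per-resource-type constraints; every enforcement point reads this same table.
CONSTRAINTS = {"account": [sensitive_needs_dedicated]}

def is_permitted(user, resource_type, action, obj=None):
    """Single decision function: RBAC grant first, then per-object constraints. Default deny."""
    granted = any((resource_type, action) in ROLE_PERMISSIONS.get(r, ()) for r in user.roles)
    if not granted:
        return False
    if obj is None:  # type-level question only, e.g. whether to show a menu item in the UI
        return True
    return all(rule(user, obj) for rule in CONSTRAINTS.get(resource_type, []))

def check_permission(user, resource_type, action, obj=None):
    """Middleware enforcement point: fail closed by raising instead of returning a flag."""
    if not is_permitted(user, resource_type, action, obj):
        raise PermissionError(f"{user.name}: {action} on {resource_type} denied")

def filter_accounts(user, accounts):
    """Data-access enforcement point: drop rows the policy does not let this user read."""
    return [a for a in accounts if is_permitted(user, "account", "read", a)]

if __name__ == "__main__":
    # Constructed sample data.
    accounts = [Account("1001"), Account("2002", sensitive=True)]
    for user in (User("alice", frozenset({"agent"})), User("bob", frozenset({"dedicated_agent"}))):
        print(user.name, [a.number for a in filter_accounts(user, accounts)])
```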

3
The Focus is The Model
  • Application is Modeled as a set of related UML
    Models
  • Specific UML Profiles used to model different
    aspects of the system, including Access Control
  • Application code is generated from set of related
    UML models using MDA approach
  • Access control is checked at points that are
    auto-generated in the code according to the
    Access Control Model
  • Security Policy Administration Model drives the
    implementation of administration capabilities

4
Model Driven Architecture Approach
5
MDA is between "What?" and "How?"
  • What is ?
  • Protected Resource
  • Data Access Constraint
  • Policy Management Model
  • Administered Object
  • Organizational Structure
  • Audit Event
  • Actionable Notification
  • How to ?
  • Enforce Security Policy
  • Filter Data
  • Control Data Access
  • Manage Policy
  • Administer Users
  • Generate Events
  • Record and Monitor Events
  • Generate Notifications

6
What is ? is Specified by Models
7
How to ? Is Specified by Transformations
8
Access Control Transformation
9
Security Policy Administration Model
10
Security Administration Console
11
Working Together at Runtime
12
Where are we?
  • Permission checks are generated in the
    application code
  • Data filtering is generated, interface for
    filters implementation is generated
  • Security policy applied uniformly to the
    application and security administration console
  • User interface for security administration is
    based on the model

13
Lessons Learned
  • Developers of vertical solutions do not
    implement security related code
  • Model provides good visibility and reduces
    perceivable complexity
  • Policy applied uniformly to multiple tiers of
    application
  • Hello World application is close to impossible
  • Code generation takes time
  • Generated code looks bad - hard to debug
  • Extra artifacts in development

14
What is Next?
  • XACML policy generation
  • Code generation for security administration
    console
  • Developing model transformations as models
  • Defining meta-models as formal languages
  • Formal proof of model correctness
  • Unit tests generation