Delegent A Generic Authorisation Server

1
DelegentA Generic Authorisation Server

• Erik Rissanen
• Babak Sadighi
• Policy Based Reasoning Group
• Swedish Institute of Computer Science (SICS)

2
ScenarioBusiness-2-Business
Company B1
employee
employee
Orders Database
employee
Company A
Sales Records
employee
Company B2
employee
employee
3
Issues

• Centralised Management of privileges and roles
• time-consuming
• error-prone and security risk
• interferes with the core business
• does not correspond to the authority and
  responsibility structures

4
Solution

• Decentralised management of privileges and roles
• reduces delays for updates
• increases the level of security
• gives better flexibility by enabling decision
  makers to implement their decisions
• corresponds to the actual authority and
  responsibility structures

5
Delegation Model

• Delegation in terms of creating new permissions
  and authorities
• One can be an authority to create a permission
  for a certain group without having that
  permission for himself or being the authority to
  create it for himself.
• Delegation chains show how privileges
  (permissions and authorities) have been
  propagated.
• Any valid chain of delegation originates from a
  source of authority.

6
Constrained Delegation

• In order to keep some level of control on how
  privileges are propagated, we need some
  restrictions on delegation chains.
• Constrained delegation is a mechanism for
  expressing and enforcing restrictions on
  potential delegation chains.
• Usually constraints are on the groups of users,
  set of actions, set of objects and validity time
  of privileges.

7
Revocation Schemes

• We have implemented a number of revocation
  schemes based on
• Who has the authority to revoke a delegation?
• What should be the consequences of a particular
  revocation?

8
Auditing facilities

• Within the model a privielege holds only if it is
  created by a valid delegation chain. This means
  that
• One can trace the source of each privilege
• One can trace how authorities have been exercised

9
Authorisation Architecture

• Consolidate
• Authorisation requests
• Authorisation management
• Auditing facilities
• Isolate and simplify security critical code

10
Authorisation Architecture
Application logi
Audit tools
Admin tools
Application logi
Application logic
Service
Delegent
Service
Service
Data
Possible Directory
11
Authorisation Architecture

• Components authenticate to each other.
• Possible to isolate authorisation critical code
  to a few components.
• Authorisation responsible services and wrapper
  objects.
• Simple application logic.
• Delegent authorises management of itself.
  (Delegation model)
• Object based authorisation model.

12
Implementation
DM Delegation Manager ALM Access Level
Manager GM Group Managers CAPI Constraint API
Delegent Server
13
Delegation Manager

• Database of delegation chains in the form of a
  dependency graph
• Keeps track of who has the authority to change
  permissions

14
Access Level Manager

• Database of access permissions

15
Group Managers

• Keeps track of group memberships.
• Can use existing directory as its repository.

16
Constraint API

• Form an API for various constraints on
  authorisations, such as time intervals.
• Can be customized for specific applications.

17
Application

• Queries and updates authorisation information in
  delegent server.
• Very simple authorisation code since Delegent
  does the hard work.

18
A Delegation Example

• Issuer Gunnar Bjurel
• Holder Sverker Janson
• Privilege may authorise payments for project
  Delegent
• Constraints
• to PBR group
• for period 20020101-20030601
• Payment lt 20000 Sek.
• Valid 20020101-20030101

19
Future Plans for Delegent

• Better user interface
• Implementing new features such as
• attribute based access control
• Support for digital credentials
• X.509 attribute certificates
• SAML ACXML, XrML

20
The End

• Questions?