A useful framework for security should provide:
- Authentication - verifying that the user is indeed who he claims to be.
- Authorisation - verifying that the user is indeed allowed to do what he wants to do.
- Auditing - recording the attempt to do the intended action, its outcome and whether the action was indeed done.
The authentication framework should be able to able to plug into various authentication mechanisms (OS-based, LDAP-based, etc.), be flexible enough to accept various types of credentials (username/password, PKI certificate, etc.) and reliably establish the "Identity" of the user.
The authorisation framework should allow the specification of:
- Rights - what is allowed.
- Roles - who is allowed to do it.
- Realms - where are they allowed to do it.
Role-based authorisation allows for the maximum flexibility compared to the direct checking of the Rights of the given Identity. An Identity could be associated with multiple Roles. Realms establish domains of privileges - for example, a person has administrator privileges on his desktop PC but is just an ordinary user on the LAN. Rights could be positively stated ("Allow Foo") or negatively stated ("Disallow Bar"). Authorisation could be inclusive (at least one Role associated with the Identity has the Right) or exclusive (no Role associated with the Identity should be denied the Right). I personally favour positively stated Rights and inclusive authorisation.
The auditing framework would be used for non-repudiation, so it should have integrity (only the auditing framework could have written out a given audit record) and an almost transactional association with the respective action (record an action if and only if it was actually done).
Of course, in real "enterprise" software we end up with various degrees of compromise on each of these aspects.
(Originally posted on Advogato.)
|
|
Tweet |
|
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.