RSP Fedora training days 22-23 January 2009 Richard Green

Presentation transcript:

RSP Fedora training days January 2009 Richard Green

- Fedora creates an admin user as part of the installation process
- Further users can be dealt with through:
  - the Tomcat users file
  - linking to a local LDAP
  - etc.; security systems can be ‘chained’
- Users are usually assigned a ‘role’ which can be used to determine their general permissions

- Authorisation in Fedora is managed by the SUN XACML engine
- Security policies can be tied to users, roles, IP addresses; objects, datastreams, methods
  - Only administrators can use API-M
  - API-M can only be called from
  - Users in the role ‘student’ cannot have access to datastreams called “fullsizeImage”
  - etc.

- Fedora provides dozens of ‘hooks’ to which security can be attached:
  - subject (loginID)
  - actions (API-M, purgeObject, riFindObjects…)
  - resources (object:owner, datastream:id…)
  - environment (clientIpAddress, currentDate…)
- Hugely flexible, but can get complicated when policies interact
- XACML is not very nice to write

The overall intent of this policy is datastream hiding, meaning that raw datastreams must not be accessible to anyone except very privileged users, but service-mediated disseminations are accessible by a broader audience.

The key point is that students can access disseminations of the object, but not the raw datastreams. This might typically be done in cases where lesser-privileged users are given a derivation of the main datastream, or a lesser quality view, or a less complete view of the raw datastream content.

Given that an object is of a certain content model (in this case UVA_STD_IMAGE), this policy will DENY datastream access to users who do NOT have the ROLE of 'administrator' or 'professor.' It will also DENY dissemination access to users who do NOT have the ROLE of 'student,' 'administrator,' or 'professor.'
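The datastream-hiding half of the policy described above, written out as a Fedora-style XACML 1.0 policy; this is an added, constructed example rather than the demo policy shipped with Fedora. It assumes the Fedora attribute ids 'urn:fedora:names:fedora:2.1:subject:role' and 'urn:fedora:names:fedora:2.1:action:id' (which Fedora's authorisation layer defines) and a content-model attribute id that should be checked against the attribute names your Fedora version exposes; the dissemination rule has the same shape with the getDissemination action id and 'student' added to the role bag.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example (not Fedora's shipped demo policy): hide raw datastreams
     of UVA_STD_IMAGE objects from everyone except administrators and professors. -->
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
        PolicyId="example-deny-raw-datastreams-uva-std-image"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
  <Description>Deny datastream access on UVA_STD_IMAGE objects unless role is administrator or professor</Description>
  <Target>
    <Subjects><AnySubject/></Subjects>
    <Resources>
      <Resource>
        <!-- ASSUMPTION: the content-model attribute id; verify it against your Fedora version -->
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">UVA_STD_IMAGE</AttributeValue>
          <ResourceAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:resource:object:contentModel"
                                       DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </ResourceMatch>
      </Resource>
    </Resources>
    <Actions><AnyAction/></Actions>
  </Target>
  <Rule RuleId="deny-datastream-unless-staff" Effect="Deny">
    <Target>
      <Subjects><AnySubject/></Subjects>
      <Resources><AnyResource/></Resources>
      <Actions>
        <Action>
          <!-- the API-A call that serves raw datastream content -->
          <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:fedora:names:fedora:2.1:action:id-getDatastreamDissemination</AttributeValue>
            <ActionAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:action:id"
                                       DataType="http://www.w3.org/2001/XMLSchema#string"/>
          </ActionMatch>
        </Action>
      </Actions>
    </Target>
    <!-- Deny fires when the caller's role bag shares no member with {administrator, professor}.
         A caller with no role attribute at all yields an empty bag, so the rule still denies. -->
    <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
        <SubjectAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:subject:role"
                                    DataType="http://www.w3.org/2001/XMLSchema#string"/>
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">administrator</AttributeValue>
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">professor</AttributeValue>
        </Apply>
      </Apply>
    </Condition>
  </Rule>
</Policy>
```

The policy only ever returns Deny; the permits come from the default policies Fedora ships, and because Fedora's default configuration combines repository policies with a deny-overrides algorithm, this Deny wins wherever its target matches.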


- Default set of policies available ‘out of the box’
- Good set of example policies provided
  - heavily commented
  - to learn from
  - to adapt

- Given that writing XACML is not for the faint-hearted, other approaches have been produced by Fedora developers to hide it from even admin users
- For instance, Muradora (which uses not quite the native Fedora security system, but the principle holds):

- Each collection (or object) has a security icon (authorisation permitting)

- Users and roles listed
- Check box security
- Permissions set here are inherited (or overridden) at lower levels

Thesis object showing security options against individual datastreams. Could allow thesis to anyone (inherited) but audio clips only to… (Copyright?)

- ‘Advanced’ security allows admin to set repository-wide permissions

- Deny datastreams of type ‘audio/mpeg’ to students

- Fedora has very flexible access controls
- Authorisation based around XACML