DAV ACLs Lisa Lippert Microsoft. Agenda Background –drafts, terms, how file systems use ACLs –Other ACLs efforts Scenarios Goals –goals, may-haves, won’t-haves.


DAV ACLs Lisa Lippert Microsoft

Agenda
  Background
    –drafts, terms, how file systems use ACLs
    –Other ACLs efforts
  Scenarios
  Goals
    –goals, may-haves, won’t-haves

Background
  Drafts:
    –draft-ietf-webdav-acl-reqts-00.txt
    –draft-ietf-webdav-acl-00.txt (expired)
  Terms
    –ACL
    –ACE
    –Principal

File System ACLs
  Resource x principal x right --> yes/no
  Each resource (file or directory) has its own list
  Each list has entries for various principals and rights
  Users, groups, “All Users” principal
  Common rights: read, write, execute
  Other rights: list members, read ACLs, write ACLs...
  Directories may be treated differently than files
  Access rights may be denied as well as granted
  Various rules for ownership, inheritance, avoiding conflict

Other ACLs efforts
  LDAP
  IMAP: rfc2086
    –lookup, read, write, insert, post, create, delete, administer, keep seen/unseen info across sessions
    –Rights apply only to mailboxes
  CAP (Calendar Access Protocol)
  CAT

Scenarios
  Basic allow read/write scenario
  Different authors on different resources within one collection
  Deny access to a member of a group
  Delegation without relinquishing control
  High-security: no evidence that a hidden file exists

Goals
  Allow access controls to be read and set
  Support most frequently used rights
    –read, write, delete, add child, list children, delete children, read ACL, write ACL
  Support grant, deny
  Allow access controls to apply to resources and collections

Goals Continued
  Flexible principal specification
    –userid & domain, group & domain, all, all authenticated
  Ability to add and remove access settings without resetting entire list

Inheritance goals
  Static inheritance
  Dynamic inheritance

Extensibility and Discovery
  Add new types of rights to resources or types of resources
  Ability to discover new rights

Security: Ownership
  Allow resource managers to grant and deny access to read and write access settings
  Ownership
    –“Owner” is the principal to whom permissions cannot be effectively denied
    –Useful to have “set owner” as well as “set ACLs” right (solves delegation scenario)
    –Must be supported
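
Added example (not from the original slides): a small Python model of the "resource x principal x right --> yes/no" check from the File System ACLs slide, covering the "deny access to a member of a group" scenario and the Ownership slide's definition of owner. The deny-overrides-grant rule, the no-match-means-no fallback, treating the owner as always allowed, and all names and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ALL_USERS = "All Users"  # special principal named on the File System ACLs slide


@dataclass(frozen=True)
class ACE:
    principal: str  # a user id, a group name, or ALL_USERS
    right: str      # e.g. "read", "write", "read ACL", "write ACL"
    grant: bool     # True = grant, False = deny


@dataclass
class Resource:
    owner: str
    acl: list = field(default_factory=list)  # each resource has its own list


def principals_for(user, groups):
    """Every principal name an ACE could use that applies to this user."""
    member_of = {g for g, members in groups.items() if user in members}
    return {user, ALL_USERS} | member_of


def check_access(resource, user, right, groups):
    """Answer resource x principal x right --> yes/no.

    Assumed conflict rule (the slides do not fix one): any matching deny
    beats any grant, and no matching ACE means "no".
    """
    if user == resource.owner:
        return True  # owner: permissions cannot be effectively denied
    who = principals_for(user, groups)
    matching = [a for a in resource.acl if a.right == right and a.principal in who]
    if any(not a.grant for a in matching):
        return False
    return any(a.grant for a in matching)


# Constructed sample data, not taken from the presentation.
GROUPS = {"authors": {"alice", "bob", "carol"}}
SPEC = Resource(owner="alice", acl=[
    ACE(ALL_USERS, "read", True),
    ACE("authors", "write", True),
    ACE("bob", "write", False),        # deny one member of a granted group
    ACE("alice", "write ACL", False),  # has no effect: alice is the owner
])
```
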

Security: Encryption
  To protect the ACL as sensitive data
    –Encryption could reduce chance of snooping
    –Snooping is particularly dangerous when account names are sent across the wire
  June WG decision:
    –there should be on-the-wire protection of ACL data
    –It should be possible to deny unprotected transactions

May-have
  Property-level access control
  Roles (problematic)
  Management: easy to block or log ACLs

Out of Scope
  how groups are or should be modeled
  Use of certificates to prove that a user has access
  Time-out access control
  Absolute predictability
  Sensitivity
  Delegation