Authorization in Trust Management Conditional Delegation and Attribute-Based Role Assignment using XACML and RBAC Brian Garback © Brian Garback 2005
Authorization in Trust Management Trust Management System: – Architecture to maintain privacy and security of medical data – Control access within and across domains Authorization – Policy Definition – Policy Enforcement
Talk Outline RBAC Introduction XACML Introduction XACML Profile for RBAC Enhancements to RBXACML – Attribute-Based Role Assignment – Conditional Delegation of Permission
Talk Outline RBAC Introduction XACML Introduction XACML Profile for RBAC Enhancements to RBXACML – Attribute-Based Role Assignment – Conditional Delegation of Permission
Role-Based Access Control Physician Nurse Patient Admin Read Medical Record Write Prescription Write Medical Record Read Prescription ⋮ UsersRolesPermissions
Hierarchical RBAC Physician Patient Operate ⋮ UsersRolesPermissions Hospital User Orthopedist Surgeon Perform X-Ray Write Prescription Read Prescription Read Demographics
Talk Outline RBAC Introduction XACML Introduction XACML Profile for RBAC Enhancements to RBXACML – Attribute-Based Role Assignment – Conditional Delegation of Permission
XACML from XML extension language to specify and enforce authorization policy XACML 2.0 approved Feb 2005 XACML provides: – Standard security policy language – Policy combination – Conditional context-aware access control
XACML System Design
XML Structure
Talk Outline RBAC Introduction XACML Introduction XACML Profile for RBAC Enhancements to RBXACML – Attribute-Based Role Assignment – Conditional Delegation of Permission
XACML Profile for RBAC Draft v2.0 approved Sept Contents: – Assigning and Enabling Role Attributes – Core and Hierarchical RBAC implementation – Access Control
RBXACML Policies Role Assignment Policy Set – Enables roles for users Permission Policy Set – Associates permissions with roles Role Policy Set – Associates enabled roles with a PPS Three Employee-Manager Examples -
Role Assignment Example
Manager Permission Example
Hierarchical Permission Example
RBXACML Takeaways Implementation of RBAC using XACML – Organized into RAPS, PPS, and RPS Shortcomings: – Hierarchy created through PPS references, not at role-level – Lacks of clear role assignment specification – No mention of permission delegation
Talk Outline RBAC Introduction XACML Introduction XACML Profile for RBAC Enhancements to RBXACML – Attribute-Based Role Assignment – Conditional Delegation of Permission
RBXACML Enhancements Goals: – More rigorously define role assignments Assign roles to users based on sets of user attributes – Support delegation Allow control for administrator and delegator over delegated permissions Physician
Attribute-Based Role Assignment Original RBAC: ABRA: Physician If subject-id = 5 If holds physician role in highly-trusted remote domain
XACML for ABRA Every Role has one RAP RAPS = { RAPs } RAP = { enabling rules }
Why Delegation? Delegation: – One giving a portion of its authority to another Motivating examples: – Physician to Physician Attending permissions to a patient while on leave – Physician to Medical Student Permission to read a patient’s record
Constraining Delegation Constrain delegation by specifying: – which permissions are delegatable Allow subset to be specified – how permissions can be delegated Delegation condition – Fulfilled by delegator before he can delegate a role Delegatee enabling condition – Fulfilled by delegatee before a role is enabled for him Manifested as rules in a permission policy
Physician to Medical Student
Summary of Topics RBAC: XACML: authorization policy language RBXACML: combines both technologies Enhancements: – ABRA: roles to user attribute expressions – Conditional Delegation: Delegation Condition Delegatee Enabling Condition Physician Read Prescription Physician If holds physician role in highly-trusted remote domain