Separate Admin and Client Roles

Presentation transcript:

Slide 1: Separate Admin and Client Roles
- Separation of Client and Admin roles
- If an app has authenticated as a client, Locate will return owned Managed (Crypto) Objects
- If an app has authenticated as an admin, Locate will return a list of owned Entities
- In other words, clients own Objects, admins own Entities
- Authenticating as client or admin is outside of the scope of this set of use-cases
Admin Use-case implications v0.9, Denis Pochuev/SafeNet

Slide 2: Objects/Operations/Attributes (in the Admin Universe)
Objects:
- Entity
- (?) Entity Template
Operations (only with admin role):
- Register
- Destroy
- Add/Mod/Del Attr
- Locate
- (?) Locate w/attributes
Operations (with client role):
- Update Own Credential
- Get Own Credential Validity Period
- Get Own Credential State

Slide 3: Objects/Operations/Attributes (in the Admin Universe), continued
Named Attributes:
- Name
- UID
- Type (Client, Admin, Proxy)
- Credential
- Credential Validity Period
- Credential State
Custom Attributes

Slide 4: Flows in terms of the new Objects/Operations/Attributes
1. Xerxes logs into KMS-1 with admin credentials
2. X: Locate name=APP_A
3. X: Mod attribute (possibly with Placeholder ID) Credential=new
4. X: Mod attribute x-version=legacy
5. X: Register name=APP_B, Type=Client, Credential=new
6. X: Locate name=APP_B / Destroy (batch w/Placeholder ID)
7. X: Locate or Locate w/attributes

Slide 5: Flows in terms of the new Objects/Operations/Attributes
1a. Yvonne logs into KMS-2 with admin credentials
1b. Y: Register name=Alice, type=Client, credential=alice's_cred
2. Alice: Reset Own Credential
3. A: Get UID=
4. A: Get Own Credential Validity Period
5. A: Update Own Credential

Slide 6: Flows in terms of the new Objects/Operations/Attributes
1a. Xerxes logs into KMS-1 with admin credentials
1b. X: Locate w/attributes
2a. X logs into KMS-2 with admin credentials
2b. X: Locate Type=admin
3. X, KMS-1: Register name=Yvonne, type=admin, credential=new
4. X, KMS-2: Locate name=Zander / Destroy
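To make the role split of slides 1 to 3 and the admin flow of slide 4 concrete, here is an added toy model written for this page; it is not code from the slides, from SafeNet or from any KMIP implementation, and it does not speak the KMIP wire protocol. The class and method names (Kms, Entity, ManagedObject, batch, PLACEHOLDER) and all credentials are constructed for the example. It shows the two behaviours the deck relies on: Locate answers with Entities for an admin caller and with owned Managed Objects for a client caller, and admin-only operations (Register, Destroy, Add/Mod/Del Attribute) are refused to a client while the client keeps its self-service credential operations. The slide 4 steps are replayed, including the Locate/Destroy batch chained through a placeholder UID.

```python
"""Toy model of the admin/client role split described in these slides.
Constructed example: not KMIP protocol code; class and method names are
illustrative assumptions, not the names of any KMIP implementation."""
from dataclasses import dataclass, field
from datetime import date, timedelta
import itertools

PLACEHOLDER = "ID_PLACEHOLDER"   # stands for the UID returned by the previous batch item
_uids = itertools.count(1)


@dataclass
class Entity:
    """The Entity object of slide 2, carrying the named attributes of slide 3."""
    name: str
    type: str                     # Client, Admin or Proxy
    credential: str
    uid: str = field(default_factory=lambda: f"E-{next(_uids)}")
    validity_end: date = field(default_factory=lambda: date.today() + timedelta(days=365))
    state: str = "Active"
    custom: dict = field(default_factory=dict)   # custom attributes such as x-version


@dataclass
class ManagedObject:
    """A client-owned Managed (Crypto) Object; only its ownership matters here."""
    owner_uid: str
    uid: str = field(default_factory=lambda: f"O-{next(_uids)}")


class Kms:
    def __init__(self, admin_name, admin_credential):
        boot = Entity(admin_name, "Admin", admin_credential)   # constructed bootstrap admin
        self.entities, self.objects = {boot.uid: boot}, {}

    def login(self, name, credential):
        """Authentication is out of scope on slide 1; a plain lookup stands in for it."""
        for e in self.entities.values():
            if e.name == name and e.credential == credential and e.state == "Active":
                return e
        raise PermissionError("authentication failed")

    def _require_admin(self, caller, op):
        if caller.type != "Admin":
            raise PermissionError(f"{op} requires the admin role")

    # Locate is role-sensitive: admins see Entities, clients see their own objects.
    def locate(self, caller, **attrs):
        if caller.type != "Admin":
            return [o for o in self.objects.values() if o.owner_uid == caller.uid]
        return [e for e in self.entities.values()
                if all(getattr(e, k.lower(), e.custom.get(k)) == v for k, v in attrs.items())]

    # Admin-only operations on Entities (slide 2).
    def register(self, caller, name, type, credential):
        self._require_admin(caller, "Register")
        e = Entity(name, type, credential)
        self.entities[e.uid] = e
        return e.uid

    def destroy(self, caller, uid):
        self._require_admin(caller, "Destroy")
        del self.entities[uid]
        return uid

    def mod_attribute(self, caller, uid, name, value):
        self._require_admin(caller, "Add/Mod/Del Attribute")
        e = self.entities[uid]
        if hasattr(e, name.lower()):
            setattr(e, name.lower(), value)    # named attribute (slide 3)
        else:
            e.custom[name] = value             # custom attribute, e.g. x-version
        return uid

    # Client-role self-service operations (slide 2) act only on the caller's own Entity.
    def update_own_credential(self, caller, new_credential):
        caller.credential = new_credential
        return caller.uid

    def get_own_credential_validity_period(self, caller):
        return caller.validity_end

    def get_own_credential_state(self, caller):
        return caller.state

    def batch(self, caller, items):
        """Run (operation, kwargs) items in order; a PLACEHOLDER argument takes the UID
        produced by the previous item, in the spirit of the slides' Placeholder ID."""
        last = None
        for op, kwargs in items:
            kwargs = {k: (last if v == PLACEHOLDER else v) for k, v in kwargs.items()}
            out = getattr(self, op)(caller, **kwargs)
            if isinstance(out, list):
                if not out:
                    raise LookupError(f"{op} matched nothing; cannot fill the placeholder")
                out = out[0].uid
            last = out
        return last


def slide4_flow():
    """Slide 4 replayed on a constructed KMS-1, then a client-role check of the result."""
    kms1 = Kms("Xerxes", "x-secret")                             # constructed credentials
    x = kms1.login("Xerxes", "x-secret")                         # step 1
    a_uid = kms1.register(x, "APP_A", "Client", "old")           # APP_A pre-exists in the slide
    key = ManagedObject(a_uid)                                   # one key owned by APP_A
    kms1.objects[key.uid] = key
    kms1.batch(x, [("locate", {"name": "APP_A"}),                # steps 2-4 via placeholder UID
                   ("mod_attribute", {"uid": PLACEHOLDER, "name": "Credential", "value": "new"}),
                   ("mod_attribute", {"uid": PLACEHOLDER, "name": "x-version", "value": "legacy"})])
    kms1.register(x, "APP_B", "Client", "new")                   # step 5
    kms1.batch(x, [("locate", {"name": "APP_B"}), ("destroy", {"uid": PLACEHOLDER})])  # step 6
    clients = kms1.locate(x, Type="Client")                      # step 7: Locate w/attributes
    app_a = kms1.login("APP_A", "new")                           # client uses its new credential
    try:
        kms1.register(app_a, "APP_C", "Client", "x")             # must be refused to a client
        denied = False
    except PermissionError:
        denied = True
    return {"clients": [e.name for e in clients],
            "app_a_version": clients[0].custom["x-version"],
            "client_locate": kms1.locate(app_a),                 # the client's own objects only
            "admin_op_denied": denied}
```

The point the model makes is that the role check sits on the operation and the object universe, not on the transport: the same Locate call yields Entities or Managed Objects depending on who authenticated, and every Entity-changing operation passes through a single admin-role gate, which is where a real server would also log and audit these actions.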