Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lessons Learned from AuthZ Project an Authorization Center

Published byفاطمه زهرا ظفری Modified over 6 years ago

Similar presentations

Presentation on theme: "Lessons Learned from AuthZ Project an Authorization Center"— Presentation transcript:

1 Lessons Learned from AuthZ Project an Authorization Center
Carnegie Mellon University Parviz Dousti

2 Driving Forces Alumni Email For Life
Central Administration of Policies

3 Services Network Access Cluster Login Access Portal Access
Netreg Dialup VPN Cluster Login Access Portal Access Library Access Software Download Access

4 Policies e.g: Softdist: accounts where owner's affiliation is in {Faculty, Special Faculty, Staff} + accounts where owner's affiliation is Student and owner's SIS category is "Enrolled“. Policy: accounts where owner's affiliation is in {Faculty, Special Faculty, Staff, Student} + accounts where owner's affiliation is Alum and owner's Student Class is "2004"

5 Conceptual Design

6 Priorities Easiest for Applications and Services Extensibility
Using Standards

7 Why LDAP Standard and unambiguous protocol Already used by most apps.
Existing Authentication/Authorization Env. Most policy attributes are already there

8 LDAP at CMU Openldap Trigger Server SQL(Oracle) backend

9 Trigs

10 SQL-back LDAP Uses ODBC to contact an RDBM
Can add, modify, delete LDAP entries LDAP users don't know the difference … So we can use RDBM to help with data consistency.

11 First Design Using LDAP Group Membership as Authorization
Service = Group Maintaining static aclGroups Using Oracle triggers Using XACML for policy

12 First Design

13 First Design Problems Notion of time not allowed in Policy
Policy/Attributes mapping Oracle 9i and Java 1.4 Transactional Problem

14 Latest Design

15 Latest Design AuthZ queations: isAuthorized authorizedTo allAuthorized
whenAuthorizedThen

Download ppt "Lessons Learned from AuthZ Project an Authorization Center"

Similar presentations

Parviz Dousti IT Consulting Engineer Computing Service Carnegie Mellon University Oct. 1 st 2012.

Parviz Dousti IT Consulting Engineer Computing Service Carnegie Mellon University Oct. 1 st 2012.
Dartmouth PKI Certificate Deployment June 2004 Fed Ed Meeting.

Dartmouth PKI Certificate Deployment June 2004 Fed Ed Meeting.
1 Collaborators at the Gates of Troy: Extending eServices at USC.

1 Collaborators at the Gates of Troy: Extending eServices at USC.
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park

June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park
Middleware & Enterprise Services at College Park David Henry Office of Information Technology November 16, 2001.

Middleware & Enterprise Services at College Park David Henry Office of Information Technology November 16, 2001.
Integrating Oracle Collaboration Suite into the Identity Management Infrastructure Dan Malone Cal Poly, San Luis Obispo Integrating.

Integrating Oracle Collaboration Suite into the Identity Management Infrastructure Dan Malone Cal Poly, San Luis Obispo Integrating.
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.
CSC 2720 Building Web Applications Database and SQL.

CSC 2720 Building Web Applications Database and SQL.
System Architecture University of Maryland David Henry Office of Information Technology December 6, 2002.

System Architecture University of Maryland David Henry Office of Information Technology December 6, 2002.
SIMI: ISO Perspective Al ISO CSU Northridge

SIMI: ISO Perspective Al ISO CSU Northridge
Maricopa Community Colleges Maricopa County is one of the fastest growing population areas in United States.

Maricopa Community Colleges Maricopa County is one of the fastest growing population areas in United States.
#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.

#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.
XACML in real-world applications Doron Grinstein, CEO BiTKOO +1-818-985-4700 888-4-BiTKOO

XACML in real-world applications Doron Grinstein, CEO BiTKOO BiTKOO
Digital Identity Management Strategy, Policies and Architecture Kent Percival 2005 06 23 A presentation to the Information Services Committee.

Digital Identity Management Strategy, Policies and Architecture Kent Percival A presentation to the Information Services Committee.
ID Management in University ID Management in University Kenzi Watanabe Saga University, Japan

ID Management in University ID Management in University Kenzi Watanabe Saga University, Japan
Introduction to Grouper Part 1: Access Management & Grouper Tom Barton University of Chicago and Internet2 Manager – Grouper Project.

Introduction to Grouper Part 1: Access Management & Grouper Tom Barton University of Chicago and Internet2 Manager – Grouper Project.
Some aspects of Library Technology Infrastructure in the US and Japan Tim Deliyannides & Takeshi Kuboyama 2008-02-26.

Some aspects of Library Technology Infrastructure in the US and Japan Tim Deliyannides & Takeshi Kuboyama
The University of Wisconsin University Directory Service UDS A repository of people information Has been in production for about a year. Serves White pages,

The University of Wisconsin University Directory Service UDS A repository of people information Has been in production for about a year. Serves White pages,

Similar presentations

Ads by Google