Page 1 of ?? Wireless Industry Congress 2003 NCAC Workshop (Ottawa) © Ramiro Liscano 2005 Context-based Coalition Access Control for Spontaneous Networking.


1 Context-based Coalition Access Control for Spontaneous Networking
Ramiro Liscano, Kaining Wang, University of Ottawa
April 2005, NCAC Workshop 2005

2 Introduction
Increasing Need
- The need for access control among individuals and organizations of different entities has increased as the need for spontaneous access to information increases.
Problem Statement
- Enterprise collaboration in an ad hoc manner is hampered greatly by the inability of persons associated with different enterprises to share resources securely within an organization or across organizations.
Challenges
- To develop a mechanism where the administration overhead is minimal and every enterprise may use its own security policy language;
- To facilitate access control for ad hoc interactions.

3 RBAC's limitations for a Collaborative Environment (CE)
RBAC is a commonly used mechanism for managing access control, but:
- It is not a mechanism that supports coalition access control, since it does not provide an abstraction to capture a set of collaborative users or delegations.
- Traditional RBAC systems depend upon a central trusted computing base administered by a single authority, which contains the entire organization's security policy. This approach does not scale to the large numbers of mutually anonymous users one might encounter in CEs.
- Each organization manages its own access rights to resources, making it difficult to automatically coordinate effective collaboration sessions that require use of resources across enterprises.

4 Delegation Model based on the dRBAC Model [1]
Motivated by the problem of controlling access to resources in a coalition environment, in which multiple organizations are unwilling to rely on a third party to administer trust relationships.
The dRBAC infrastructure provides mechanisms for:
- Publishing of delegations;
- Delegation discovery and validation to build proofs;
- Proofs for delegations are performed in local wallets;
- In order to handle the complex delegation problem in a distributed environment, dRBAC uses discovery tags to discover and authorize a delegation chain (a trust relationship which is spread over multiple wallets);
- Continuous monitoring of credential validity;
- Uses delegation subscriptions to monitor and propagate run-time delegation changes to all parties.

5 Some dRBAC Principles
Delegations:
- [Subject -> Object] Issuer
- The Subject (role/entity) has the permissions of the Object (role).
- Object == OEntity.OName: the Object's name in the namespace associated with OEntity.
Right of Assignment:
- [Subject -> Object'] Issuer
- Subject is given the right-of-assignment to delegate the role Object.

6 dRBAC Infrastructure – A conference example
(Diagram: wallets of Company A and Company B; figure not included in the transcript.)

7 Applying dRBAC in an ad hoc context
Limitation of dRBAC
- The roles and delegations in dRBAC have been assigned and distributed a priori.
Challenges
- For ad hoc situations, where the parties are not known a priori, delegations and roles should be shared among participants in an ad hoc context;
- A contextual model needs to be defined to support contextual reasoning, i.e. RoomA32 -> Building A -> Meeting Room.
Ideas
- A context-based dRBAC model to support spontaneous networking;
- Use a SIP communication session as the contextual event that is leveraged by the context-based dRBAC model.

8 Modifying dRBAC for Context-based Access Control
In order to transform the dRBAC infrastructure to support spontaneous communications, three processes in the dRBAC model must be automated:
- The addresses of the "wallet keepers" at each end point must be discovered;
- The end points need to either agree on a common collaborative role or exchange corporate roles;
- Each end point needs to exchange delegations.

9 Using a Communication Session as Context
Why a communication session?
- Communication sessions are a common context in most ad hoc collaborative scenarios;
- The session protocol can be modified to discover the address of a Delegation Security Manager server;
- We introduce a dRBAC SIP session with a particular "Session Role";
- The Delegation Security Manager is used to delegate a "Session Role" to all the participants of the CE;
- These delegations are distributed across all the Security Managers;
- This is a simpler model than the original dRBAC model, in that the proof for any delegation can be done locally rather than distributed across several locations.

10 SIP dRBAC Session
The SDP component of a SIP message is used to carry information about the end point capabilities for the establishment of a communication session.
Key lines in the SDP message:
- v= version
- o= username session-id version network-type address-type address
- s= session name
- c= network-type address-type connection-address
- t= start-time stop-time
- m= media port transport format-list
Define a new Session Description Protocol (SDP) media description for the Delegation Security Manager:
- m=application 1660 TCP DRBAC
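The discovery step the slide describes, as an added example that is not code from the presentation: parse a constructed SDP body and pick out the Delegation Security Manager's address and port from the new "m=application 1660 TCP DRBAC" media line.

```python
# Added example (not from the presentation): locate the Delegation Security
# Manager advertised by a dRBAC SIP session through the new media line
# "m=application 1660 TCP DRBAC". The SDP body below is a constructed sample.
SDP = """v=0
o=usera 2890844526 2890844526 IN IP4 192.0.2.10
s=dRBAC session
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0
m=application 1660 TCP DRBAC
"""

def parse_sdp(body):
    """Split an SDP body into ordered (key, value) pairs; lines that are not
    of the form '<one char>=<value>' are ignored."""
    pairs = []
    for line in body.splitlines():
        if len(line) < 2 or line[1] != "=":
            continue
        pairs.append((line[0], line[2:]))
    return pairs

def find_drbac_manager(body):
    """Return (address, port) of the Delegation Security Manager, or None when
    the session carries no 'application ... TCP DRBAC' media description.
    Only the session-level c= line is consulted; media-level c= overrides
    are not handled here."""
    pairs = parse_sdp(body)
    conn = next((v for k, v in pairs if k == "c"), None)
    if conn is None:
        return None
    addr = conn.split()[2]               # "IN IP4 192.0.2.10" -> "192.0.2.10"
    for k, v in pairs:
        fields = v.split()
        if k != "m" or len(fields) < 3:  # m= media port transport format-list
            continue
        media, port, transport, *formats = fields
        if media == "application" and transport == "TCP" and "DRBAC" in formats:
            return addr, int(port)
    return None
```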

11 Negotiating the User Roles
At first we were considering the need for the Security Managers to delegate end point roles, but in retrospect it turns out to be easier to define a local role for each session.
For all foreign users that are involved in a communication session, the Security Manager delegates a local role to that foreign user.
- UserB@companyB.com -> LocalSessionRole
Local users can delegate their access rights to the local session role.
- UserA's role -> SessionRole: UserA

12 SIP Example
(Figure not included in the transcript.)

13 Including the Contextual Information
Context information is attached as conditions on a delegation, as an extension to dRBAC.
Format:
- [Subject -> Object] (ContextConditions*) Issuer;
- where ContextConditions = (OEntity.OName Context OP value)
- Interpreted as: the delegation Subject -> Object is valid under the Issuer's domain for the contexts that match the ContextConditions.
Example:
- [CompanyB.member -> CompanyA.roomAdmin] (CompanyA.research Activity == Communication_Session) Bob;
- For this delegation to be true, Bob must be in the CompanyA.research role and be in the Activity of a Communication_Session.

14 Creating a Contextual Model
The contextual model facilitates creating high-level delegation constraints.
- (Activity == PhoneSession && Location == MeetingRoom)
- The values of Activity and Location are general classes;
- Activity == PhoneSession.SessionID1234 and Location == MeetingRoom.SITE4004 should evaluate to TRUE for the above constraints.
A contextual ontology is required.
- It can be locally defined, but a "good" model will help facilitate building a particular local model.

15 Contextual Model
Class hierarchy and attributes:
- Location (attributes: Name, Latitude, Longitude, ContainedBy)
  Subclasses: Organization, Building, Floor, Office, MeetingRoom, Cafeteria, Restroom, Stairway
- Activity (attributes: Name, StartTime, EndTime, Status, Participant)
  Subclasses: Presentation, Listening, WorkOut, Entertainment, Eating, CommunicationSession, PhoneSession
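The context-conditioned delegation of slide 13 and the class-based constraint evaluation of slides 14 and 15, as an added example that is not code from the presentation. The PARENT hierarchy is a constructed subset of the contextual model (the slide does not state the exact nesting), the delegations for Bob are constructed, and the local proof routine is an assumption about how the authors' "delegation proofing algorithm" would chain delegations.

```python
# Added example (not from the presentation): evaluating a context-conditioned
# dRBAC delegation "[Subject -> Object] (Scope Attr == Value)* Issuer" with a
# local proof over a constructed subset of the slide-15 contextual hierarchy.
from dataclasses import dataclass, field
PARENT = {"CommunicationSession": "Activity", "PhoneSession": "CommunicationSession",
          "Presentation": "Activity", "Building": "Location", "Floor": "Building",
          "MeetingRoom": "Floor", "Office": "Floor"}   # subclass -> parent (constructed)

def is_a(value, cls):
    """True if a value like 'PhoneSession.SessionID1234' is an instance of cls or a subclass."""
    node = value.split(".", 1)[0] if value else None   # instance name -> its class
    while node is not None:
        if node == cls:
            return True
        node = PARENT.get(node)
    return False

@dataclass
class Delegation:
    subject: str     # gains the permissions of obj (OEntity.OName)
    obj: str
    issuer: str
    conditions: list = field(default_factory=list)   # (scope_role, attr, value); op is ==

    def holds(self, who, ctx, dels, seen):
        # the proving principal must hold the scope role, and the context attribute
        # must be an instance of the required class (or of one of its subclasses)
        return all(prove(who, scope, dels, ctx, seen=seen) and is_a(ctx.get(attr), value)
                   for scope, attr, value in self.conditions)

def prove(who, role, dels, ctx, cur=None, seen=frozenset()):
    """Local proof: 'who' holds 'role' if a chain who -> ... -> role exists whose conditions hold."""
    cur = who if cur is None else cur
    if cur == role:
        return True
    if (cur, role) in seen:            # cycle guard
        return False
    seen = seen | {(cur, role)}
    return any(prove(who, role, dels, ctx, d.obj, seen)
               for d in dels if d.subject == cur and d.holds(who, ctx, dels, seen))

def demo():
    dels = [Delegation("Bob", "CompanyB.member", "CompanyB"),
            Delegation("Bob", "CompanyA.research", "CompanyA"),     # visitor role at A
            Delegation("CompanyB.member", "CompanyA.roomAdmin", "CompanyA",
                       [("CompanyA.research", "Activity", "CommunicationSession")])]
    in_call = {"Activity": "PhoneSession.SessionID1234", "Location": "MeetingRoom.SITE4004"}
    no_call = {"Activity": "Presentation.Talk1", "Location": "Office.B12"}
    return (prove("Bob", "CompanyA.roomAdmin", dels, in_call),    # True
            prove("Bob", "CompanyA.roomAdmin", dels, no_call),    # False: not in a session
            prove("Alice", "CompanyA.roomAdmin", dels, in_call))  # False: no delegations
```

A missing context attribute (no Activity at all) fails the condition the same way a non-matching class does, which is the safe default for a condition that cannot be checked.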

16 Conclusion
An extension to dRBAC that applies context information as conditions on delegations, to provide more flexible and fine-grained access control.
The central idea is to use context-based role change and delegation to minimize the amount of administrative overhead and facilitate access control in coalition and pervasive computing environments.
We are in the early stages of further refining the details of the approach.
- The contextual model is being refined further, and OWL is being considered to represent the context.
- A delegation proofing algorithm has been defined and is in the process of being implemented.
