Slide 1: XACML Showcase, RSA Conference 2012
Slide 2: What is XACML?
- XML language for access control
- Coarse or fine-grained
- Extremely powerful evaluation logic
- Ability to use any available information
- Superset of Permissions, ACLs, RBAC, etc.
- Scales from PDA to Internet
- Federated policy administration
- OASIS and ITU-T Standard
Slide 3: Trends Driving Fine-Grained Access Control
- Complex authorization scenarios
  - Multiple attributes and attribute sources required for evaluation
- De-perimeterization
  - A firewall is no longer sufficient security
- Service Oriented Architecture
  - Multiple access contexts for each service
- Software as a Service (looking forward)
  - Complex interactions of internal and external components
Slide 4: Powerful Policy Expression
- "Anyone can use web servers with the 'spare' property between 12:00 AM and 4:00 AM"
- "Salespeople can create orders, but if the total cost is greater than $1M, a supervisor must approve"
- "Anyone can view their own 401K information, but nobody else's"
- "The print formatting service can access printers and temporary storage on behalf of any user with the print attribute"
- "The primary physician can have any of her patients' medical records sent to a specialist in the same practice."
Slide 5: Key XACML Features
- Federated Policy Administration
  - Multiple policies applicable to the same situation
  - Combining rules to resolve conflicts
- Decision may include Obligations
  - In addition to Permit or Deny
  - An obligation can specify a present or future action
  - Examples: log request, require human approval, delete data after 30 days
- Protect any resource
  - Web Server, Java or C++ Object, Room in building, Network Access, Web Service, Geographic Data, Health Records, etc.
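The first slide-4 policy ("spare" web servers between 12:00 AM and 4:00 AM) written out as an XACML 3.0 policy, combined with a slide-5 obligation (log the request) so both features appear in one document. This is an added illustration, not material from the presentation; the `example:` attribute identifiers, the obligation id and the `web-server` resource-type value are assumed names for the illustration, while the function, category and combining-algorithm URNs are the standard XACML identifiers.

```xml
<!-- Added example policy (not from the presentation). Identifiers prefixed
     "example:" are assumptions; the other URNs are standard XACML 3.0. -->
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        PolicyId="example:spare-webserver-offpeak"
        Version="1.0"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
  <Description>Anyone may use web servers tagged 'spare' between 00:00 and 04:00; every Permit is logged.</Description>
  <!-- Target: the policy applies only to web-server resources whose property attribute is 'spare' -->
  <Target>
    <AnyOf>
      <AllOf>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">spare</AttributeValue>
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
              AttributeId="example:server-property" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
        </Match>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">web-server</AttributeValue>
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
              AttributeId="example:resource-type" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
        </Match>
      </AllOf>
    </AnyOf>
  </Target>
  <!-- Rule: Permit only while the environment's current-time falls inside the off-peak window.
       With deny-unless-permit, any request outside the window evaluates to Deny. -->
  <Rule RuleId="example:off-peak-window" Effect="Permit">
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
              AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
              DataType="http://www.w3.org/2001/XMLSchema#time" MustBePresent="true"/>
        </Apply>
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">00:00:00</AttributeValue>
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">04:00:00</AttributeValue>
      </Apply>
    </Condition>
  </Rule>
  <!-- Obligation: the PEP must log every permitted request (the "log request" example on slide 5) -->
  <ObligationExpressions>
    <ObligationExpression ObligationId="example:log-request" FulfillOn="Permit">
      <AttributeAssignmentExpression AttributeId="example:log-message">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">off-peak access to spare web server</AttributeValue>
      </AttributeAssignmentExpression>
    </ObligationExpression>
  </ObligationExpressions>
</Policy>
```

Because the obligation is attached to the policy rather than to the rule, a PEP that cannot fulfil it must treat the Permit as a Deny, which is the behaviour the standard requires for unfulfilled obligations.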
Slide 6: XACML Benefits
- Standard Policy Language
  - Investment protection
  - Skills reuse
- Leverage XML tools
- Policy not in application code
  - Reduce cost of changes
  - Consistent application
  - Enable audit
Slide 7: XACML Architecture (diagram). Components shown: Client, PEP (Enforcement), PDP (Decision), Policy Repository (Administration), Attribute Repositories (Authorities), Resources.
Slide 8: XACML 3.0 New Features
- Administration/Delegation Profile
- Request context generalization
- New Combining Algorithms
- Generalized Multiple Decision Requests
- Advice (non-binding Obligations)
- New time and XPath functions
Slide 9: European Identity Award 2011, XACML 3.0
Slide 10: XACML Showcase - RSA 2012
- Demonstrating policies that govern access to Intellectual Property
- Metadata carried in documents
- Based on draft Intellectual Property Control Profile
- Documents served from different server types
Slide 11: Showcase Participants
Slide 12: Intellectual Property Control Profile
- Policy-based access control to IP resources, such as proprietary, patent, and copyright information.
- Standardized attribute name and value pairs promote a more granular authorization model.
- The potential loss of IP is not only an existential threat to companies, but also a security threat to nation states.
(continued)
Slide 13: Intellectual Property Control Profile (continued)
- Subject Attributes
  - Organizational Affiliation
  - Organization Type
  - Organizational Relationship
  - Affiliation-Type
  - Agreement-Id
(continued)
Slide 14: Intellectual Property Control Profile (continued)
- Resource Attributes
  - Copyright, Patent, Proprietary, Public Domain, Trademark
  - IP Owner, IP Designee, Agreement Type, Agreement Id, Effective Date, Expiration Date
- Obligations
  - Encrypt, Marking
  - (not part of showcase)
Slide 15: What is Boeing CIPHER?
- Windows-based application designed to examine electronic documents for:
  1. Information that is hidden from view, and
  2. User-defined key word phrases
- The software is used extensively within Boeing, the U.S. Military and Fortune 500 companies to support:
  - Trusted Download - supports searching for key words and embedded objects to determine category
  - Export Compliance - supports searching for program-specific key words and identifies hidden or obscured information to determine exportability
  - Information / Software Release processes - supports searching for categorization phrases to determine releasability
  - Document Categorization - supports searching for key phrases to identify intellectual property, PII, and unique technologies
  - Metadata ("tagging") - supports tagging of documents with metadata based on key words or patterns
  - Computer Forensics - supports identification of embedded objects and code (malware) to determine threat level
Slide 16: CIPHER Document Categorization Use Case
1. Key word phrases are defined using CIPHER and stored for future use.
2. File(s) to be analyzed are dragged and dropped on the CIPHER application.
3. CIPHER opens the file in its native application and analyzes the file for previously defined key word phrases. The analysis results are documented in a log.
4. Based on which key phrases are located and their confidence factors, CIPHER assigns metadata attributes to the document and writes them in the document properties.
5. When multiple documents are analyzed, a results Excel workbook is created detailing the results of all of the documents.
6. The file(s) is/are optionally saved.
Slide 17: Showcase Configurations (diagram). Components shown: Client, PEP (Enforcement), PDP (Decision), Policy Repository (Administration), Attribute Repositories (Authorities), Document Server, Documents, Attributes.