Presentation is loading. Please wait.

Presentation is loading. Please wait.

Separate Admin and Client Roles  Separation of Client and Admin roles If an app has authenticated as a client, Locate will return owned Managed (Crypto)

Published byDelilah Phelps Modified over 9 years ago

Similar presentations

Presentation on theme: "Separate Admin and Client Roles  Separation of Client and Admin roles If an app has authenticated as a client, Locate will return owned Managed (Crypto)"— Presentation transcript:

1 Separate Admin and Client Roles  Separation of Client and Admin roles If an app has authenticated as a client, Locate will return owned Managed (Crypto) Objects If an app has authenticated as a client it will return a list of owned Entities Inother words, clients own Objects, admins own Entities  Authenticating as client or admin is outside of the scope of this set of use-cases 1 Admin Use-case implications v0.9 Denis Pochuev/SafeNet

2 Objects/Operations/Attributes (in the Admin Universe) Objects:  Entity  (?) Entity Template Operations (only with admin role):  Register  Destroy  Add/Mod/Del Attr  Locate  (?) Locate w/attributes Operations (with client role):  Update Own Credential  Get Own Credential Validity Period  Get Own Credential State 2 Admin Use-case implications v0.9 Denis Pochuev/SafeNet

3 Objects/Operations/Attributes (in the Admin Universe) continued Named Attributes:  Name  UID  Type (Client,Admin, Proxy)  Credential  Credential Validity Period  Credential State Custom Attributes 3 Admin Use-case implications v0.9 Denis Pochuev/SafeNet

4 Flows in terms of the new Objects/Operations/Attributes 2.1.4 1. Xerxes logs into KMS-1 with admin credentials 2. X: Locate name=APP_A 3. X: Mod attribute (possibly with Placeholder ID) Credential=new 4. X: Mod attribute x-version=legacy 5. X: Register name=APP_B, Type=Client Credential=new 6. X: Locate name=APP_B/Destroy (batch w/Placeholder ID) 7. X: Locate or Locate w/attributes 4 Admin Use-case implications v0.9 Denis Pochuev/SafeNet

5 Flows in terms of the new Objects/Operations/Attributes 2.2.3 1a. Yvonne logs into KMS-2 with admin credentials 1b. Y: Register name=Alice type=Client credential=alice's_cred 2. Alice: Reset Own Credential 3. A: Get UID= 4. A: Get Own Credential Validity Period 5. A: Update Own Credential 5 Admin Use-case implications v0.9 Denis Pochuev/SafeNet

6 Flows in terms of the new Objects/Operations/Attributes 2.3.3 1a. Xerxes logs into KMS-1 with admin credentials 1b. x: Locate w/attributes 2a. X: logs into KMS-2 with admin credentials 2b. X: Locate Type=admin 3. X, KMS-1: Register name=Yvonne type=admin credential=new 4. X, KMS-2: Locate name=Zander/Destroy 6 Admin Use-case implications v0.9 Denis Pochuev/SafeNet

Download ppt "Separate Admin and Client Roles  Separation of Client and Admin roles If an app has authenticated as a client, Locate will return owned Managed (Crypto)"

Similar presentations

PASSPrivacy, Security and Access Services Don Jorgenson Introduction to Security and Privacy Educational Session HL7 WG Meeting- Sept. 2012.

PASSPrivacy, Security and Access Services Don Jorgenson Introduction to Security and Privacy Educational Session HL7 WG Meeting- Sept
AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013

AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013
FI-WARE Testbed Access Control temporary solution.

FI-WARE Testbed Access Control temporary solution.
SAP checks if USER ID & Password combination is valid. No identification. User requests Log-on, enters USER ID & Password, (not necessarily their own)!

SAP checks if USER ID & Password combination is valid. No identification. User requests Log-on, enters USER ID & Password, (not necessarily their own)!
OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.

OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.
Business Transformation Redefined | www.criti.in 1 PASP®ID solution for DLLR's Division of Occupational and Professional Licensing -Powered by manageID®

Business Transformation Redefined | 1 PASP®ID solution for DLLR's Division of Occupational and Professional Licensing -Powered by manageID®
Modifying Managed Objects Alan Frindell 3/29/2011.

Modifying Managed Objects Alan Frindell 3/29/2011.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.
KMIP Use Cases Update on the process. Agenda Goals Process Flow, Atomics, Batch, Composites, and Not KMIP Evaluating the Document in light of the Goals.

KMIP Use Cases Update on the process. Agenda Goals Process Flow, Atomics, Batch, Composites, and Not KMIP Evaluating the Document in light of the Goals.
NewTech Book Store Faculty: Mr. Hieu Le Trung Student: Tan Do Nhat Batch code: B100016 Centre: NIIT Saigon Project Report.

NewTech Book Store Faculty: Mr. Hieu Le Trung Student: Tan Do Nhat Batch code: B Centre: NIIT Saigon Project Report.
Mint-user MINT Technical Overview October 8 th, 2010.

Mint-user MINT Technical Overview October 8 th, 2010.
How To Batch Register Your Students

How To Batch Register Your Students
Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.

Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.
Illustration Assets for KMIP Use Case Document. Users.

Illustration Assets for KMIP Use Case Document. Users.
Today, global enterprises run on Windows Server Active Directory 90% of US enterprises and 70% of international corporations use Active Directory.

Today, global enterprises run on Windows Server Active Directory 90% of US enterprises and 70% of international corporations use Active Directory.
Membership in ASP.Net...if only Presented by: Patrick Hynds President, CriticalSites Microsoft Regional Director.

Membership in ASP.Net...if only Presented by: Patrick Hynds President, CriticalSites Microsoft Regional Director.
Login Screen This is the Sign In page for the Dashboard New User Registration Enter Id and Password to sign In.

Login Screen This is the Sign In page for the Dashboard New User Registration Enter Id and Password to sign In.
Survey of Identity Repository Security Models JSR 351, Sep 2012.

Survey of Identity Repository Security Models JSR 351, Sep 2012.
© 2010 IBM Corporation 23 September 2015 KMIP Server-to-server: use-cases and status Marko Vukolic Robert Haas

© 2010 IBM Corporation 23 September 2015 KMIP Server-to-server: use-cases and status Marko Vukolic Robert Haas
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.

KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.

Similar presentations

Ads by Google