Presentation is loading. Please wait.

Presentation is loading. Please wait.

Remote Authenticator /Authorizer Instructor: 張顧耀 老師 Student: 曾冠樺.

Published byNickolas Montgomery Modified over 9 years ago

Similar presentations

Presentation on theme: "Remote Authenticator /Authorizer Instructor: 張顧耀 老師 Student: 曾冠樺."— Presentation transcript:

1 Remote Authenticator /Authorizer Instructor: 張顧耀 老師 Student: 曾冠樺

2 Author and Source Author: Eduardo B. Fernandez and Reghu Warrier Dept. of Computer Science and Eng.Florida Atlantic University Boca Raton, FL, USA Source: PLoP 2003

3 Outline Introduction Intent Example Problem of this Example Forces Solution Implementation Consequence

4 Introduction Many distributed systems need to access shared resources. We need a secure and easily manageable authentication and authorization mechanism.

5 Introduction We present here a pattern called remote authentication/authorization pattern. This is a composite pattern consisting of two known patterns: 1. Proxy. 2. Role-Based Access Control.

6 Intent Provide facilities for authentication and authorization when accessing shared resources in a loosely-coupled distributed system.

7 Example A multinational corporation in the US and Brazil. Assume an employee from the US is traveling to Brazil and has the need to access some data from the Brazilian database servers.

8 Example There are two possible ways to achieve this 1. Replicate. 2. Borrow. Both of these solutions have their disadvantages.

9 Problem of this example How can we provide authentication and authorization in a distributed environment without the need for redundant user login information? The changes of the consumer activities.

10 Forces No more redundant. Transparent. Standardize the roles. Keep the user ID.

11 Solution Set up a single entry point that can transparently redirect the user to the correct server where his user login and access information can be validated.

12 Solution: Proxy Pattern Definition: Provide a surrogate or placeholder for another object to control access to it.

13 Solution: Proxy Pattern { // Mainapp test application class MainApp { static void Main() { // Create math proxy MathProxy p = new MathProxy(); // Do the math Console.WriteLine("4 + 2 = " + p.Add(4, 2)); Console.WriteLine("4 - 2 = " + p.Sub(4, 2)); Console.WriteLine("4 * 2 = " + p.Mul(4, 2)); Console.WriteLine("4 / 2 = " + p.Div(4, 2)); // Wait for user Console.Read(); } }

14 Solution: Proxy Pattern // "Subject" public interface IMath { double Add(double x, double y); double Sub(double x, double y); double Mul(double x, double y); double Div(double x, double y); } // "RealSubject" class Math : IMath { public double Add(double x, double y){return x + y;} public double Sub(double x, double y){return x - y;} public double Mul(double x, double y){return x * y;} public double Div(double x, double y){return x / y;} }

15 Solution: Proxy Pattern // "Proxy Object" class MathProxy : IMath { Math math; public MathProxy() { math = new Math(); } public double Add(double x, double y) { return math.Add(x,y); } public double Sub(double x, double y) { return math.Sub(x,y); } public double Mul(double x, double y) { return math.Mul(x,y); } public double Div(double x, double y) { return math.Div(x,y); } } }

16 Solution: Role Based Access Control Pattern Problem: Web-based systems have a variety of users: company employees, customers, partners, search engines, etc. How to assign rights to users according to their roles.

17 Solution: Role Based Access Control Pattern Forces: 1. Different needs for access to information. 2. Storing. 3. Define precisely. 4. Users may have more than one role. 5. Hierarchies of roles, with inheritance of rights. 6. to individual users or to groups of users.

18 Solution: Role Based Access Control Pattern Classes User and Role describe the registered users and the predefined roles, respectively. Users are assigned to roles, roles are given rights according to their functions. The association class Right defines the access types that a user within a role is authorized to apply to the protection object. In fact, the combination Role, ProtectionObject, and Right is an instance of the Authorization pattern.

19 Solution: Role Based Access Control Pattern

20 Solution

21 Implementation Remote Authentication Dial-In User Service (RADIUS) is a widely deployed IETF protocol enabling centralized authentication, authorization, and accounting for network access

22 Implementation

23

24 Consequence: Advantage 1. Roaming. 2. Store the user login and access rights at a single location. 3. The user's login ID, password etc. are stored in the internal RADIUS database or can be accessed from an SQL Database. 4. Transparent. 5. Units such as active cards [ACS] allow complex request/challenge interactions.

25 Consequence: Disadvantage The additional messages used increase overhead, thus reducing performance for simple requests. The system is more complex than a system that directly validates clients.

26 The End Thank You!!!

Download ppt "Remote Authenticator /Authorizer Instructor: 張顧耀 老師 Student: 曾冠樺."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.6 Kerberos.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.6 Kerberos.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Distributed Systems 1 Topics  What is a Distributed System?  Why Distributed Systems?  Examples of Distributed Systems  Distributed System Requirements.

Distributed Systems 1 Topics  What is a Distributed System?  Why Distributed Systems?  Examples of Distributed Systems  Distributed System Requirements.
Access Control Methodologies

Access Control Methodologies
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
IdM & OpenID Present by Fangli cai Prantap Bedi. The need for IdM &OpenID As the world of e-business gains global acceptance, the traditional processes.

IdM & OpenID Present by Fangli cai Prantap Bedi. The need for IdM &OpenID As the world of e-business gains global acceptance, the traditional processes.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Database Security with focus on Hyperion Database Supervisor: Dr.Chow Fadi Mohsen CS691.

Database Security with focus on Hyperion Database Supervisor: Dr.Chow Fadi Mohsen CS691.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
One Stop Mail Service Bhattacharya, Tonmoy, Bhattacharya, Tonmoy, Hariharan, Rama Krishnan, MS in Engineering Science,

One Stop Mail Service Bhattacharya, Tonmoy, Bhattacharya, Tonmoy, Hariharan, Rama Krishnan, MS in Engineering Science,
An Architectural Framework for Providing WLAN Roaming D.Vassis G.Kormentzas Dept. of Information and Communication Systems Engineering University of the.

An Architectural Framework for Providing WLAN Roaming D.Vassis G.Kormentzas Dept. of Information and Communication Systems Engineering University of the.
Copyright © Wondershare Software نام و نام ‌ خانوادگی علی عبدلی 88131056 استاد درس آقای دکتر نورحسینی.

Copyright © Wondershare Software نام و نام ‌ خانوادگی علی عبدلی استاد درس آقای دکتر نورحسینی.
Secure Systems Research Group - FAU Security patterns Eduardo B. Fernandez Dept. of Computer Science and Engineering Florida Atlantic University Boca Raton,

Secure Systems Research Group - FAU Security patterns Eduardo B. Fernandez Dept. of Computer Science and Engineering Florida Atlantic University Boca Raton,
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
Design Patterns: Proxy Jason Jacob. What is a Proxy? A Proxy is basically a representative between the Client and the Component. It gives the Client a.

Design Patterns: Proxy Jason Jacob. What is a Proxy? A Proxy is basically a representative between the Client and the Component. It gives the Client a.
TRAVEL RESERVATION SYSTEM USING WEB SERVICES COMPOSITION LANGUAGE

TRAVEL RESERVATION SYSTEM USING WEB SERVICES COMPOSITION LANGUAGE
Georgy Melamed Eran Stiller

Georgy Melamed Eran Stiller
S6C12 - AAA AAA Facts. AAA Defined Authentication, Authorization, and Accounting Central Management of AAA –Information in a single, centralized, secure.

S6C12 - AAA AAA Facts. AAA Defined Authentication, Authorization, and Accounting Central Management of AAA –Information in a single, centralized, secure.

Similar presentations

Ads by Google