Distributed Management of Access Control Policies in a Corporate Environment (Gerenciamento Distribuído de Políticas de Controle de Acesso em Ambiente Corporativo)

  • Arlindo Luis Marcon Jr. PUCPR
  • Altair Olivo Santin PUCPR
  • Maicon Stihler PUCPR

Abstract


The unified management of user rights and access control policies in corporations with many branches may seem paradoxical. Environmental heterogeneity and branch particularities require decentralized controls, while policy management aims for control unification. This paper proposes a distributed architecture for access control with unified management of corporate policies. Starting from rights specified in authorization certificates, corporate branches autonomously create and apply policies that update the corporate repository. Provisioning keeps the policy synchronized on the local branch repository. A prototype using SPKI/SDSI and Web Services shows the proposal's feasibility.

Published
2008-09-01
MARCON JR., Arlindo Luis; SANTIN, Altair Olivo; STIHLER, Maicon. Gerenciamento Distribuído de Políticas de Controle de Acesso em Ambiente Corporativo. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 8., 2008, Gramado. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2008. p. 31-44. DOI: https://doi.org/10.5753/sbseg.2008.20886.
