Akenti Distributed Access Control Application
By Jiewei Lin

Overview
• Background
• Design goals
• Akenti specific certificates
• Akenti engine
• Akenti in use
• Conclusion
• References

Background
• Started at Lawrence Berkeley National Lab in 1998
• Designed to solve the problem of multiple resources with multiple owners
• Used in a public-key environment

Goals
• Allow each owner to impose its own requirements
• Owner requirements take effect immediately
• Support a high level of integrity and non-repudiation

Akenti High Level Diagram (Credit JISC)
(diagram slide)

Akenti at a Closer View
(diagram slide)

Akenti specific certificates
• Policy certificates
• Use Condition certificates
• Attribute certificates
• Capability certificates

Akenti specific certificates (2)
• Example shown (image slide)

Entities in this exercise
• CA I
• CA IA (CA of Stake Holder I and User I)
• Stake Holder I
• User I (has attribute certs: ou=sjsu && job=student, and cn=User I)

Akenti Engine – Case Study I
• Resource: R1
• Policy Cert.: trusted CA = CA I
• Use Cond.: ou=sjsu && job=student; scope=local; critical=true; actions=read
• Permission Granted: action=read

Akenti Engine – Case Study II
• Resource: R2
• Policy Cert.: trusted CA = CA I
• Use Cond.: ou=sjsu && job=student; scope=subtree; critical=true; actions=read
• Permission Granted: action=read

Akenti Engine – Case Study III
• Resource: R2/S1
• Policy Cert.: trusted CA = CA I
• Use Cond.: cn=User I; scope=local; critical=false; actions=write, execute
• Permission Granted: action=read, write, execute

Akenti Engine – Case Study IV
• Resource: R3
• Policy Cert.: trusted CA = CA I
• Use Cond.: ou=sjsu && job=student; scope=local; critical=true; actions=read
• Use Cond.: time>10:00 && time<12:00; scope=local; critical=true; actions=write, execute
• Permission Granted: action=read; action=write, execute if time>10:00 && time<12:00

Usage
• As a library function
• As an Apache module providing access control in a web server

Conclusion
• Mature and sophisticated authorization application
• Uses flexible access control policies
• A useful tool

References
• [AK] http://www-itg.lbl.gov/security/Akenti/
• [JISC] http://umbriel.dcs.gla.ac.uk/NeSC/general/talks/140/7.ppt
• [SURA] http://www.dpo.uab.edu/sura/Security/sld001.htm

Questions
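The four case studies above are the one part of the deck that describes a mechanism: the Akenti engine reads the policy certificate for a resource (which CAs it trusts), collects the use-condition certificates that apply to it (its own, plus those of ancestors whose scope is subtree), checks each condition against the user's attribute certificates, and grants the union of the actions of the satisfied conditions, with critical conditions having to hold before anything is granted. The following Python model is an added example, not Akenti's own code or the presenter's; it encodes the four case-study policies and User I's attribute certificates as constructed sample data, treats a condition as a conjunction of "attr=value" and "time>HH:MM" / "time<HH:MM" clauses (a simplification of Akenti's condition language), and takes the evaluation time as a parameter so the time-bounded condition of Case Study IV can be exercised. The rule that a failed critical use condition denies every action is Akenti's definition of the critical flag, applied here to all four cases.

```python
"""Toy model of the Akenti authorization decision shown in the four case studies.

Added example (not Akenti code). Policies, certificates and times are constructed.
"""
import re
from dataclasses import dataclass
from datetime import time
from typing import Dict, FrozenSet, Tuple


@dataclass
class AttributeCert:
    issuer: str                  # CA that signed the attribute certificate
    attributes: Dict[str, str]   # e.g. {"ou": "sjsu", "job": "student"}


@dataclass(frozen=True)
class UseCondition:
    condition: str               # clauses joined by "&&", e.g. "ou=sjsu && job=student"
    scope: str                   # "local": this resource only; "subtree": descendants too
    critical: bool               # must hold before any action at all is granted
    actions: FrozenSet[str]      # actions granted when the condition holds


@dataclass(frozen=True)
class PolicyCert:
    trusted_cas: FrozenSet[str]            # attribute certs from other issuers are ignored
    use_conditions: Tuple[UseCondition, ...]


_CLAUSE = re.compile(r"^\s*(\w+)\s*([=<>])\s*(.+?)\s*$")


def clause_holds(clause: str, attrs: Dict[str, str], now: time) -> bool:
    """Evaluate one clause against the trusted attributes and the current time."""
    m = _CLAUSE.match(clause)
    if not m:
        raise ValueError(f"unparseable clause: {clause!r}")
    name, op, value = m.groups()
    if name == "time":                      # environmental clause, e.g. time>10:00
        hour, minute = (int(p) for p in value.split(":"))
        bound = time(hour, minute)
        if op == ">":
            return now > bound
        if op == "<":
            return now < bound
        return now == bound
    if op != "=":                           # only equality is defined on attributes here
        raise ValueError(f"unsupported operator {op!r} on attribute {name!r}")
    return attrs.get(name) == value


def _self_and_ancestors(resource: str):
    """'R2/S1' -> ['R2/S1', 'R2']: the resource first, then each ancestor up to the root."""
    parts = resource.split("/")
    return ["/".join(parts[:i]) for i in range(len(parts), 0, -1)]


def authorize(policies: Dict[str, PolicyCert], resource: str,
              certs: Tuple[AttributeCert, ...], now: time) -> FrozenSet[str]:
    """Return the set of actions granted to the holder of `certs` on `resource`."""
    chain = [r for r in _self_and_ancestors(resource) if r in policies]
    if not chain:
        return frozenset()                  # no policy certificate: nothing is granted
    trusted = policies[chain[0]].trusted_cas   # nearest policy cert governs trust
    attrs: Dict[str, str] = {}
    for cert in certs:
        if cert.issuer in trusted:          # untrusted issuers contribute no attributes
            attrs.update(cert.attributes)
    granted = set()
    for name in chain:
        for uc in policies[name].use_conditions:
            # An ancestor's condition applies only if its scope is "subtree".
            if name != resource and uc.scope != "subtree":
                continue
            holds = all(clause_holds(c, attrs, now) for c in uc.condition.split("&&"))
            if holds:
                granted |= uc.actions
            elif uc.critical:
                return frozenset()          # a failed critical condition denies everything
    return frozenset(granted)


# Constructed sample data mirroring Case Studies I-IV (CA names and values from the slides).
POLICIES = {
    "R1": PolicyCert(frozenset({"CA I"}), (
        UseCondition("ou=sjsu && job=student", "local", True, frozenset({"read"})),)),
    "R2": PolicyCert(frozenset({"CA I"}), (
        UseCondition("ou=sjsu && job=student", "subtree", True, frozenset({"read"})),)),
    "R2/S1": PolicyCert(frozenset({"CA I"}), (
        UseCondition("cn=User I", "local", False, frozenset({"write", "execute"})),)),
    "R3": PolicyCert(frozenset({"CA I"}), (
        UseCondition("ou=sjsu && job=student", "local", True, frozenset({"read"})),
        UseCondition("time>10:00 && time <12:00", "local", True,
                     frozenset({"write", "execute"})))),
}
USER_I_CERTS = (AttributeCert("CA I", {"ou": "sjsu", "job": "student"}),
                AttributeCert("CA I", {"cn": "User I"}))

if __name__ == "__main__":
    for res in ("R1", "R2", "R2/S1", "R3"):
        print(res, sorted(authorize(POLICIES, res, USER_I_CERTS, time(11, 0))))
```

Two situations the slides do not spell out are worth checking with the model: a user presenting only the cn=User I certificate on R2/S1 satisfies the local, non-critical condition but fails the critical subtree condition inherited from R2, so nothing is granted; and the same certificates signed by a CA that the policy certificate does not list contribute no attributes at all, so even Case Study I denies access.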