[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Use Case Submission
|
Dear all, Find attached (and in ASCII format below) a first draft of some use cases we have been preparing. Best regards, Ginés. Use case 1: Distributed Authorization ------------------------------------- ** Description/User Story ** Enterprises and corporations are usually composed of different working areas or departments: human resources, operations, business office, administrative office, etc. Each corporate area may implement its own access control rules that handle the information and resources in their respective areas and are, somehow, enforcement points. However, some authorization decisions may depend on the information belonging to other areas or domain, which cannot be directly accessed due to privacy issues. In this sense, instead of recovering the required information, the authorization decision is delegated to the areas which could handle it, and the results of such delegated decisions are combined to form an appropriate decision. ** Goal or Desired Outcome ** Authorization decisions are taken based on the decisions of multiples cloud computing parties. ** Categories Covered ** - Authorization. - Account and Attribute management. ** Applicable Deployment and Service Models ** - All Cloud Deployment Models (Private, Public, Community and Hybrid). - All Service Models (SaaS, Paas and Iaas). ** Actors ** - Cloud user. - Cloud Resource. - Local Policy Decision Point - External Policy Decision Point - External Attribute Authority ** Systems ** TBD ** Notable Services ** - Cloud Authorization Service - Cloud Entitlement Service ** Dependencies ** N/A ** Assumptions ** Access control policies are deployed among different administrative domains or areas. Each area deploys policies related to the information they manage. ** Process Flow ** A Cloud User belonging to the administrative domain A tries to access a Cloud Resource controlled by the administrative domain B. To determine if the Cloud User has access to the Cloud Resource, the authorization policies of both domain A (e.g. only users with a specific role could access to external resources) and B (e.g. only users belonging to a specific domain could access to the given Cloud Resource) have to be evaluated. The Policy Decision Point of the domain B evaluates its policies and it requests the Policy Decision Point of the domain A for its authorization decision. The decision from the domain A is combined with its own policies to form the final authorization decision. Use case 2: Administrate distributed access control policies ------------------------------------------------------------- ** Description/User Story ** Large corporations are usually composed of a central office and multiple subsidiaries. We may consider that the central office and each of its subsidiaries independently implement an authorization architecture with their own access policies to manage the access control to their own resources. The central office will need to have an appropriate management over the access control policies of the subsidiaries, in order to establish, for instance, a set of common policies for all subsidiaries (depending for example on some mandatory corporate regulations) or to assign specific policies to each one (depending for example on the type of service they provide), but at the same time allowing that each subsidiary implement its own policies. ** Goal or Desired Outcome ** An administrative domain could manage policies in other administrative domains in a controlled way. ** Categories Covered ** - Account and Attribute management. - Policies Management - Authorization ** Applicable Deployment and Service Models ** - All Cloud Deployment Models (Private, Public, Community and Hybrid). - All Service Models (SaaS, Paas and Iaas). ** Actors ** - Policies Administrator ** Systems ** TBD ** Notable Services ** - Cloud Authorization Service - Policy Administration Service ** Dependencies ** This use case may depend on Use Case 1. ** Assumptions ** An administrative domain has the appropriate privileges to write authorization policies in other administrative domains. ** Process Flow ** A Policies Administrator belonging to a given administrative domain wants to spread access control policies to other administrative domains in order to be enforced by them. Use case 3: Authorization audit -------------------------------- ** Description/User Story ** Cloud Authorization services perform access control decision on sensitive data. There is a need to log and audit the output and details of the authorization decision performed to trace the relevant events happened in the system. ** Goal or Desired Outcome ** Trace the relevant events happened in the system. Cloud User or entities cannot deny having performed an operation or initiated a transaction. ** Categories Covered ** - Audit and Compliance ** Applicable Deployment and Service Models ** - All Cloud Deployment Models (Private, Public, Community and Hybrid). - All Service Models (SaaS, Paas and Iaas). ** Actors ** - Policy Decision Point ** Systems ** TBD ** Notable Services ** - Cloud Authorization Service - Cloud Audit Service ** Dependencies ** N/A ** Assumptions ** N/A ** Process Flow ** A Cloud Authorization Service evaluates some authorization policies to resolve an authorization query. The query, the decision and other relevant details of the evaluation are stored in logs files in either an internal or external service. Additionally, the logs are signed to provide non-repudiation capabilities. Use case 4: Risk based access control systems ---------------------------------------------- ** Description/User Story ** Traditional access control systems assume uniformity of people, components, environments, conditions, etc across the scenario and time. They tend to define its behavior based on static policies. However, when moving to the cloud, they should consider multiple f** Actors ** to determine the security risk and operational need of each access decision. Cloud Authorization services may determine access based on a computation of security risk and operational need, not just proper comparison of attributes. In other words, for each Risk Level and kind of resource, a set of specific counter-measures to protect the resource has to be triggered. Moreover, this risk level could vary during the time, so they should adapt to different situation. ** Goal or Desired Outcome ** Define and adapt enterprise policies for establishing thresholds for security risk and operational need under various conditions ** Categories Covered ** - Policies Management ** Applicable Deployment and Service Models ** - All Cloud Deployment Models (Private, Public, Community and Hybrid). - All Service Models (SaaS, Paas and Iaas). ** Actors ** - Cloud User - Cloud Resource - Policy Decision Point ** Systems ** TBD ** Notable Services ** - Risk Level Administrator Service ** Dependencies ** N/A ** Assumptions ** The authorization policies could be defined based on security risk levels. ** Process Flow ** A Cloud User wants to perform an operation over a Cloud Resource. To determine if the Cloud User is able to do it, an authorization decision is achieved based on the level of risk of the operation on this resource at that specific moment. Use case 5: Policies to determine administration privileges ------------------------------------------------------------ ** Description/User Story ** Administrator of authorization systems usually specify the access privileges by defining access control policies. Who are able to control these policies, that is, the privileges of special users, must be also controlled by defining a special set of administrative-policies. This is especially relevant in scenarios where administrator could define policies outside its domain, for instance in distributed systems. ** Goal or Desired Outcome ** Policies to determine administration privileges are evaluated before the administrator could modify the access control policies. ** Categories Covered ** - Authorization - Policies Management - Account and Attribute Management ** Applicable Deployment and Service Models ** - All Cloud Deployment Models (Private, Public, Community and Hybrid). - All Service Models (SaaS, Paas and Iaas). ** Actors ** - Policies administrator - Policy Decision Point ** Systems ** TBD ** Notable Services ** - Cloud Policy Administration Service ** Dependencies ** N/A ** Assumptions ** N/A ** Process Flow ** A Policy Administrator tries to change some policies either in an internal or external administrative domain. To determine if the administrator is able to change these policies, a Policy Decision Point firstly evaluates the administrative-policies, which determine the privileges of the administrators. Use case 6: Delegate privileges -------------------------------- ** Description/User Story ** In some Cloud scenarios it is common that a Cloud User which holds certain privileges wants to temporary delegate some of them to another Cloud User, without directly involving the policies Administrator. For instance, a Cloud User may want to transfer their role to other Cloud User to perform a specific action, such as a PhD advisor wanting to delegate their privileges to access a digital library to one of their PhD student. The Cloud Authorization Service may provide administration capabilities to the Cloud Users so they could define certain delegation policies, ideally in a user-friendly way. ** Goal or Desired Outcome ** Cloud users are able to temporary delegate part of their privileges to other Cloud users dynamically by making use a special policy administration service. ** Categories Covered ** - Authorization - Account and Attribute Management ** Applicable Deployment and Service Models ** - All Cloud Deployment Models (Private, Public, Community and Hybrid). - All Service Models (SaaS, Paas and Iaas). ** Actors ** - Cloud User - Policy Decision Point ** Systems ** TBD ** Notable Services ** - Cloud Policy Administration Service - Cloud Authorization Service ** Dependencies ** N/A ** Assumptions ** TBD ** Process Flow ** A Cloud User has certain privileges to access a given Cloud Resource. The Cloud User accesses a Cloud Policy Administration Service to define its own delegation policies. These policies specify the conditions of the delegation, such as targeted subjects, time of applicability, environments circumstances, etc. Another Cloud User tries to access the Cloud Resource. The Policy Decision Point evaluates their policies together with the delegation policies to determine whether the Cloud User has access to the Cloud Resource. The Cloud User will have access to the resource if it has the appropriate privileges required for accessing to that resource, or if such privileges have been delegated from other Cloud User. Use case 7: Enforce government access control decisions -------------------------------------------------------- ** Description/User Story ** Cloud service providers tend to manage their authorization services by defining their own policies and rules according to their business requirements. However, regional and national governments have their own requirements. Cloud service providers should be able to assure that tenants\92 compliance and security policies are consistently managed and enforced. The authorization decisions may need to be governed or managed by geographical locations to enforce regional compliance policies. An issue we should not neglect as well is how enterprises or organizations offering services on the Cloud can ensure compliance with the laws and regulations that they are subject to. ** Goal or Desired Outcome ** Authorization decisions comply with applicable laws and regulations. ** Categories Covered ** - Authorization - Audit and Compliance - Governance ** Applicable Deployment and Service Models ** - All Cloud Deployment Models (Private, Public, Community and Hybrid). - All Service Models (SaaS, Paas and Iaas). ** Actors ** - Policy Decision Point - Government Authority ** Systems ** TBD ** Notable Services ** - Cloud Policy Administration Service - Cloud Authorization Service ** Dependencies ** N/A ** Assumptions ** TBD ** Process Flow ** A Cloud User wants to access a Cloud Resource. The Policy Decision Point which evaluates the access control policies related to that Cloud Resource has to take into account applicable regulations to decide whether the Cloud User has access. -- =================================================================== Ginés Dólera Tormo ヒネス・ドレラ・トルモ Research Associate, Security Group NEC Laboratories Europe Kurfuerstenanlage 36 D-69115 Heidelberg (Germany) Tel. +49 (0)6221 4342-220 Fax: +49 (0)6221 4342-155 e-mail: gines.dolera@neclab.eu ------------------------------------------------------------------- NEC Europe Limited Registered Office: NEC House, 1 Victoria Road, London W3 6BL Registered in England 2832014 =================================================================== |
Attachment:
NEC Use cases.doc
Description: x-extension/doc
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]