[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Break the Glass policies
Hi Martin at the NIST PMI conference in September the DoD had a similar concept of overriding access control for operational reasons, but the main difference to BTG is that in the DOD model a system component evaluates the operational need and either overrides or does not on behalf of the user. With BTG we are giving power back to the user to make the informed choice. One thing that our hospital trials uncovered is that you do need the audit and checks afterwards, otherwise it is hypothesised that once users learn that there are no consequences for always BTGing, they always will do it. The purpose for us defining the BTG model and third response it to build the complexity into the application independent PDP layer with consequent simplicity in the PEP layer, and simplicity in specifying the BTG policies. We therefore hope it will make this type of access control much easier to implement in all sorts of application scenarios. regards David Smith, Martin wrote: > David, all -- > > In looking at access policies based on formal policy authorities (like > laws and frederal regulation) we've seen a number of cases where the > only practical source of a person or environmental "attribute" is > assertion by the requestor. The "BTG" attribute is an assertion that an > emergency situation exists. We also have come to the same conclusion > that you have (apparently), namely that ex-post enforcement (via audit > of access logs) is a sufficient basis for enforcement for many kinds of > policies. > > Another general class of self-assertion situations is where a law or > policy says "you can share information 'for the purpose of' something." > Example: passpost clerks can view personal passport records 'for the > purpose of' varifying information in the course of processing a passport > renewal application, (but not for other purposes, like browsing the > information of celebrities.) In many of these scenarios one might > imagine a data source for the attribute that did not depend on > self-assertion, but those data may not be available at least in the > short run. > > I have not considered implementation of this enforcement strategy > (self-assertion plus log audit) to be a standards issue, so much as a > tooling issue (does a PDP product support pop-up requests for > self-asserted information?) But if making a BTG profile stimulates > vendors to add capability for collecting self-assertion data, I'm for > it! > > Martin Smith > US Department of Homeland Security > > > > -----Original Message----- > From: xacml-return-1875-martin.smith=dhs.gov@lists.oasis-open.org > [mailto:xacml-return-1875-martin.smith=dhs.gov@lists.oasis-open.org] On > Behalf Of Ludwig Seitz > Sent: Monday, December 14, 2009 2:52 AM > To: David Chadwick > Cc: xacml > Subject: Re: [xacml] Break the Glass policies > > Hi David, > > you might want to look at this: > http://portal.acm.org/citation.cfm?id=1263871 > > I think it is very similar to what you want to achieve. > > Regards, > > Ludwig > -- ------------------------------------------------------------- The Israeli group Breaking the Silence has just released a collection of testimonies by Israeli soldiers that took part in the Gaza attack last December and January. The testimonies expose significant gaps between the official stances of the Israeli military and events on the ground. See http://www.shovrimshtika.org/news_item_e.asp?id=30 The Israeli government defies Obama, and continues its settlement expansion Israel plans to allocate $250 million over the next two years for settlements http://www.palestinecampaign.org/index7b.asp?m_id=1&l1_id=4&l2_id=24&Content_ID=698 whilst simultaneously continuing to bulldoze Palestinian homes http://salsa.democracyinaction.org/o/301/t/9462/campaign.jsp?campaign_KEY=27357 ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]