information sharing and security in dynamic coalitions
If you can't read please download the document
DESCRIPTION
Information Sharing and Security in Dynamic Coalitions. Steven A. Demurjian Computer Science & Engineering Department 371 Fairfield Road, Box U-2155 The University of Connecticut Storrs, Connecticut 06269-2155 http://www.engr.uconn.edu/~steve [email protected]. - PowerPoint PPT PresentationTRANSCRIPT
-
DCP-*
CSE5095
DCP: Global Command and Control System Client/ServerClient/ServerINTELSUPPORTMISSION PLANNINGTOPOARTYAIR DEFENCEAIR DEFENCEARTYMOBILE SUBSCRIBER EQUIPMENTDATA RADIO XX XMOBILE SUBSCRIBER EQUIPMENTARTYSUPPORTTOPOSUPPORTMISSION PLANNINGMETSATCOMSATCOMSATCOMMETCompanyPlatoonSquadFBCB2/EBCBATTLEFIELD C2 SYSTEMEMBEDDED BATTLE COMMANDFBCB2/EBCTacticalInternetClient/ServerGLOBAL C2 SYSTEMSMANEUVERCONTROLSATELLITEAIR DEFENCEINTELINTELMANEUVERCONTROLMANEUVERCONTROL
DCP-*
CSE5095
DCP:Global Command and Control System
DCP-*
CSE5095
DCP:Global Command and Control SystemCommon Operational Picture
DCP-*
CSE5095
DCP: Critical RequirementsDifficult to Establish RolesRequires Host AdministratorNot Separate RolesNo Time Controllable AccessTime Limits on UsersTime Limits on Resource AvailabilityTime Limits on Roles No Value ConstraintsUnlimited Common Operational PictureUnlimited Access to Movement InformationDifficult to Federate Users and ResourcesU.S. Only systemPrivate Network (Not Multi-Level Secure)
DCP-*
CSE5095
GCCS Shortfalls: User RolesCurrently, GCCS Users have Static Profile Based on Position/Supervisor/Clearance LevelGranularity Gives Too Much AccessProfile Changes are Difficult to Make - Changes Done by System Admin. Not Security OfficerWhat Can User Roles Offer to GCCS?User Roles are Valuable Since They Allow Privileges to be Based on ResponsibilitiesSecurity Officer Controls RequirementsSupport for Dynamic Changes in PrivilegesTowards Least Privilege
DCP-*
CSE5095
Non-Military Crisis: User RolesEmergent Crisis (Katrina) Requires a Response Some Critical IssuesWhos in Charge?Who is Allowed to do What?Who can Mobilize Governmental Resources?Roles can Help:Role for Crisis CommanderRoles for Crisis ParticipantsRoles Dictate Control over ResourcesFor Katrina: Lack of Leadership & Defined RolesArmy Corps of Engineers Only Allowed to Repair Levees Not Upgrade and Change
DCP-*
CSE5095
GCCS Shortfalls: Time Controlled AccessCurrently, in GCCS, User Profiles are Indefinite with Respect to TimeLonger than a Single CrisisDifficult to Distinguish in Multiple CrisesNo Time Controllable Access on Users or GCCS ResourcesWhat can Time Constrained Access offer GCCS?Junior Planners - Air Movements of Equipment Weeks before DeploymentSenior Planners - Adjustment in Air Movements Near and During DeploymentSimilar Actions are Constrained by Time Based on Role
DCP-*
CSE5095
Non-Military Crisis: Time Controlled AccessMultiple Crisis Require Ability to Distinguish Between Roles Based on Time and CrisisOccurrence of Rita (one Crisis) Impacted the Ongoing Crisis (Katrina)Need to Manage Simultaneous Crisis w.r.t. TimeDifferent Roles Available at Different Times within Different CrisesRole Might be Finishing in one Crisis (e.g., First Response Role) and Starting in AnotherIndividual May Play Different Roles in Different CrisisIndividual May Play Same Role with Different Duration in Time w.r.t. its Activation
DCP-*
CSE5095
GCCS Shortfalls: Value Based AccessCurrently, in GCCS, Controlled Access Based on Information Values Difficult to AchieveUnlimited Viewing of Common Operational Picture (COP)Unlimited Access to Movement InformationAttempts to Constrain would have to be Programmatic - which is Problematic!What can Value-Based Access Offer to GCCS?In COP Constrain Display of Friendly and Enemy PositionsLimit Map Coordinates DisplayedLimit Tier of Display (Deployment, Weather, etc.)
DCP-*
CSE5095
Non-Military Crisis: Value Based AccessIn Katrina/Rita, What People can See and Do May be Limited Based on RoleKatrina Responders Limited to Katrina DataRita Responders Limited to Rita DataSome Responders (Army Corps Engineers) May Need Both to Coordinate ActivitiesWithin Each Crisis, Information Also LimitedSome Katrina Roles (Commander, Emergency Responders, etc.) see All DataOther Katrina Roles Limited (Security Deployment Plans Not Available to AllAgain Customization is Critical
DCP-*
CSE5095
GCCS Shortfalls: Federation NeedsCurrently, GCCS is Difficult to Use for DCPDifficult to Federate Users and ResourcesU.S. Only systemIncompatibility in Joint and Common ContextsPrivate Network (Not Multi-Level Secure)What are Security/Federation Needs for GCCS?Quick Admin. While Still Constraining US and Non-US AccessEmploy Middleware for Flexibility/RobustnessSecurity Definition/Enforcement FrameworkExtend GCCS for Coalition Compatibility that Respects Coalition and US Security Policies
DCP-*
CSE5095
Non-Military Crisis: Federation NeedsCrisis May Dictate Federation CapabilitiesKatrinaDevastated Basic Communication at All LevelsThere was No Need to Federate Computing Systems at Crisis Location with No Power, etc.RitaCrisis Known Well in AdvanceHowever, Didnt PreventDisorganized Evacuation10+ Hour Highway WaitsRunning out of FuelFederation Myst Coordinate Critical Resources
DCP-*
CSE5095
Information Sharing and SecurityFederated Resources
DCP-*
CSE5095
Information Sharing and SecuritySyntactic ConsiderationsSyntax is Structure and Format of the Information That is Needed to Support a CoalitionIncorrect Structure or Format Could Result in Simple Error Message to Catastrophic EventFor Sharing, Strict Formats Need to be MaintainedIn US Military, Message Formats IncludeHeading and Ending Section United States Message Text Formats (USMTF)128 Different Message FormatsText Body of Actual MessageProblem: Formats Non-Standard Across Different Branches of Military and Countries
DCP-*
CSE5095
Information Sharing and SecuritySemantics ConcernsSemantics (Meaning and Interpretation)USMTF - Different Format, Different MeaningEach of 128 Messages has Semantic InterpretationCommunicate Logistical, Intelligence, and Operational InformationSemantic ProblemsNATO and US - Different Message FormatsDifferent Interpretation of ValuesDistances (Miles vs. Kilometers)Grid Coordinates (Mils, Degrees)Maps (Grid, True, and Magnetic North)
DCP-*
CSE5095
Information Sharing and SecuritySyntactic & Semantic ConsiderationsWhats Available to Support Information Sharing?How do we Insure that Information can be Accurately and Precisely Exchanged?How do we Associate Semantics with the Information to be Exchanged?What Can we Do to Verify the Syntactic Exchange and that Semantics are Maintained?Can Information Exchange Facilitate Federation? How do we Deal with Exchange to/from Legacy Applications?Can this be Handled Dynamically?Or, Must we Statically Solve Information Sharing in Advance?
DCP-*
CSE5095
Information Sharing and SecurityPragmatics IssuesPragmatics Require that we Totally Understand Information Usage and Information MeaningKey Questions Include:What are the Critical Information Sources?How will Information Flow Among Them?What Systems Need Access to these Sources?How will that Access be Delivered?Who (People/Roles) will Need to See What When? How will What a Person Sees Impact Other Sources?
DCP-*
CSE5095
Information Sharing and SecurityPragmatics IssuesPragmatics - Way that Information is Utilized and Understood in its Specific ContextFor Example, in GCCS
DCP-*
CSE5095
Information Sharing and Security Pragmatics IssuesPragmatics in GCCS
DCP-*
CSE5095
Information Sharing and SecurityData IntegrityConcerns: Consistency, Accuracy, ReliabilityAccidental ErrorsCrashes, Concurrent Access, Logical ErrorsActions:Integrity ConstraintsGUIsRedundancyMalicious ErrorsNot Totally PreventableActions:Authorization, Authentication, Enforcement PolicyConcurrent Updates to Backup DBsDual Homing
DCP-*
CSE5095
Information Sharing and Security Discretionary Access ControlWhat is Discretionary Access Control (DAC)?Restricts Access to Objects Based on the Identity of Group and /or SubjectDiscretion with Access Permissions Supports the Ability to Pass-on PermissionsDAC and DCPPass on from Subject to Subject is a ProblemInformation Could be Passed from Subject (Owner) to Subject to Party Who Should be RestrictedFor Example,Local Commanders Cant Release InformationRely on Discretion by Foreign Disclosure OfficerPass on of DAC Must be Carefully Controlled!
DCP-*
CSE5095
Information Sharing and Security Role Based Access ControlWhat is Role Based Access Control (RBAC)?Roles Provide Means for Permissions to Objects, Resources, Based on ResponsibilitiesUsers May have Multiple Roles Each with Different Set of PermissionsRole-Based Security Policy Flexible in both Management and UsageIssues for RBAC and DCPWho Creates the Roles? Who Determines Permissions (Access)? Who Assigns Users to Roles? Are there Constraints Placed on Users Within Those Roles?
DCP-*
CSE5095
Information Sharing and Security Mandatory Access ControlWhat is Mandatory Access Control (MAC)?Restrict Access to Information, Resources, Based on Sensitivity Level (Classification) Classified Information - MAC RequiredIf Clearance (of User) Dominates Classification, Access is AllowedMAC and DCPMAC will be Present in Coalition AssetsNeed to Support MAC of US and PartnersPartners have Different Levels/LabelsNeed to Reconcile Levels/Labels of Coalition Partners (which Include Past Adversaries!)
DCP-*
CSE5095
Information Sharing and SecurityOther IssuesIntrusion DetectionNot PreventionIntrusion Types:Trojan Horse, Data Manipulation, SnoopingDefense: Tracking and AccountabilitySurvivabilityReliability and AccessibilityDefense:RedundancyCryptographyFundamental to SecurityImplementation Details (key distribution)
DCP-*
CSE5095
A Service-Based Security Architecture
DCP-*
CSE5095
Required Security Checks
DCP-*
CSE5095
Stepping BackSecurity for Distributed EnvironmentsBackground and MotivationWhat are Key Distributed Security Issues?What are Major/Underlying Security Concepts?What are Available Security Approaches?Identifying Key Distributed Security RequirementsFrame the Solution ApproachOutline UConn Research Emphasis:Secure Software Design (UML and AOSD)Middleware-Based Realization (CORBA/JINI)Information Exchange via XML
DCP-*
CSE5095
Security for Distributed ApplicationsHow is Security Handled for Individual Systems?What about Distributed Security?Security Issues for New Clients?New Servers? Across Network?What if Security Never Available for Legacy/COTS/Database?Security Policy, Model, and Enforcement?
DCP-*
CSE5095
DC for Military Deployment/EngagementLFCSCanadaSICF FranceHEROS GermanySIACCON ItalyOBJECTIVES: Securely Leverage Information in a Fluid EnvironmentProtect Information While Simultaneously Promoting the CoalitionSecurity Infrastructure in Support of DCP
DCP-*
CSE5095
DC for Medical EmergencyGovt.
TransportationMilitaryMedicsLocalHealthCareCDCISSUES: Privacy vs. Availability in Medical RecordsSupport Life-Threatening Situations via Availability of Patient Data on Demand
DCP-*
CSE5095
Security Issues: Confidence in SecurityAssuranceDo Security Privileges for Each User Support their Needs?What Guarantees are Given by the Security Infrastructure in Order to Attain:Safety: Nothing Bad Happens During ExecutionLiveness: All Good Things can Happen During ExecutionConsistencyAre the Defined Security Privileges for Each User Internally Consistent? Least-Privilege PrincipleAre the Defined Security Privileges for Related Users Globally Consistent? Mutual-Exclusion
DCP-*
CSE5095
Security for CoalitionsDynamic Coalitions will play a Critical Role in Homeland Security during Crisis SituationsCritical to Understand the Security Issues for Users and System of Dynamic CoalitionsMulti-Faceted Approach to SecurityAttaining Consistency and Assurance at Policy Definition and EnforcementCapturing Security Requirements at Early Stages via UML Enhancements/ExtensionsProviding a Security Infrastructure that Unifies RBAC and MAC for Distributed Setting
DCP-*
CSE5095
Four Categories of QuestionsQuestions on Software Development ProcessSecurity Integration with Software DesignTransition from Design to DevelopmentQuestions on Information Access and FlowUser Privileges key to Security PolicyInformation for Users and Between UsersQuestions on Security Handlers and ProcessorsManage/Enforce Runtime Security PolicyCoordination Across EC NodesQuestions on Needs of Legacy/COTS Appls.Integrated, Interoperative Distributed Application will have New Apps., Legacy/COTS, Future COTS
DCP-*
CSE5095
Software Development Process QuestionsWhat is the Challenge of Security for Software Design?How do we Integrate Security with the Software Design Process?What Types of Security Must be Available?How do we Integrate Security into OO/Component Based Design?Integration into OO Design?Integration into UML Design?What Guarantees Must be Available in Process?Assurance Guarantees re. Consistent Security Privileges?Can we Support Security for Round-Trip and Reverse Engineering?
DCP-*
CSE5095
Software Development Process QuestionsWhat Techniques are Available for Security Assurance and Analysis?Can we Automatically Generate Formal Security Requirements?Can we Analyze Requirements for Inconsistency and Transition Corrections Back to Design?How do we Handle Transition from Design to Development?Can we Leverage Programming Languages in Support of Security for Development?Subject-Oriented Programming?Aspect-Oriented Programming?Other Techniques?
DCP-*
CSE5095
Information Access and Flow QuestionsWho Can See What Information at What Time? What Are the Security Requirements for Each User Against Individual Legacy/cots Systems and for the Distributed Application?What Information Needs to Be Sent to Which Users at What Time? What Information Should Be Pushed in an Automated Fashion to Different Users at Regular Intervals?
DCP-*
CSE5095
Information Access and Flow QuestionsWhat Information Needs to Be Available to Which Users at What Time? What Information Needs to Be Pulled On-demand to Satisfy Different User Needs in Time-critical SituationsHow Are Changing User Requirements Addressed Within the Distributed Computing Application? Are User Privileges Static for the Distributed Computing Application? Can User Privileges Change Based on the Context and State of Application?
DCP-*
CSE5095
Security Handlers/Processing Questions What Security Techniques Are Needed to Insure That the Correct Information Is Sent to the Appropriate Users at Right Time?Necessary to Insure That Exactly Enough Information and No More Is Available to Appropriate Users at Optimal Times?Required to Allow As Much Information As Possible to Be Available on Demand to Authorized Users?
DCP-*
CSE5095
Security Handlers/Processing QuestionsHow Does the Design by Composition of a Distributed Computing Application Impact on Both the Security and Delivery of Information? Is the Composition of Its Secure Components Also Secure, Thereby Allowing the Delivery of Information?Can We Design Reusable Security Components That Can Be Composed on Demand to Support Dynamic Security Needs in a Distributed Setting?What Is the Impact of Legacy/cots Applications on Delivering the Information?
DCP-*
CSE5095
Security Handlers/Processing QuestionsHow Does Distribution Affect Security Policy Definition and Enforcement?Are Security Handlers/enforcement Mechanisms Centralized And/or Distributed to Support Multiple, Diverse Security Policies?Are There Customized Security Handlers/enforcement Mechanisms at Different Levels of Organizational Hierarchy? Does the Organizational Hierarchy Dictate the Interactions of the Security Handlers for a Unified Enforcement Mechanism for Entire Distributed System?
DCP-*
CSE5095
Legacy/COTS Applications Questions When Legacy/COTS Applications are Placed into Distributed, Interoperable Environment: At What Level, If Any, is Secure Access Available?Does the Application Require That Secure Access Be Addressed?How is Security Added if it is Not Present? What Techniques Are Needed to Control Access to Legacy/COTS?What is the Impact of New Programming Languages (Procedural, Object-oriented, Etc.) And Paradigms?
DCP-*
CSE5095
Focusing on MAC, DAC and RBACFor OO Systems/Applications, Focus on Potential Public Methods on All ClassesRole-Based Approach: Role Determines which Potential Public Methods are AvailableAutomatically Generate Mechanism to Enforce the Security Policy at RuntimeAllow Software Tools to Look-and-Feel Different Dynamically Based on RoleExtend in Support of MAC (Method and Data Levels) and DAC (Delegation of Authority)
DCP-*
CSE5095
Legacy/COTS ApplicationsInteroperability of Legacy/COTS in a Distributed EnvironmentSecurity Issues in Interoperative, Distributed EnvironmentCan MAC/DAC/RBAC be Exploited?How are OO Legacy/COTS Handled?How are Non-OO Legacy/COTS Handled?How are New Java/C++ Appls. Incorporated?Can Java Security Capabilities be Utilized?What Does CORBA/ORBs have to Offer?What about other Middleware (e.g. JINI)?Explore Some Preliminary Ideas on Select Issues
DCP-*
CSE5095
A Distributed Security FrameworkWhat is Needed for the Definition and Realization of Security for a Distributed Application?How can we Dynamically Construct and Maintain Security for a Distributed Application?Application Requirements Change Over TimeSeamless Transition for ChangesTransparency from both User and Distributed Application PerspectivesSupport MAC, RBAC and DAC (Delegation)Cradle to Grave ApproachFrom Design (UML) to Programming(Aspects)Information Exchange (XML) Middleware: Interoperating Artifacts & Clients
DCP-*
CSE5095
A Distributed Security FrameworkDistributed Security Policy Definition, Planning, and ManagementIntegrated with Software Development: Design (UML) and Programming (Aspects)Include Documents of Exchange (XML)Formal Security Model with ComponentsFormal Realization of Security PolicyIdentifiable Security ComponentsSecurity Handlers & Enforcement MechanismRun-time Techniques and ProcessesAllows Dynamic Changes to Policy to be Seamless and Transparently Made
DCP-*
CSE5095
Interactions and DependenciesDistributed Security PolicyFormal Security ModelSecurity ComponentsEnforcement Mechanism Collection of SHs
DCP-*
CSE5095
Policy Definition, Planning, ManagementInterplay of Security Requirements, Security Officers, Users, Components and Overall SystemMinimal Effort in Distributed Setting - CORBA Has Services forConfidentiality, Integrity, Accountability, and AvailabilityBut, No Cohesive CORBA Service Ties Them with Authorization, Authentication, and PrivacyDifficult to Accomplish in Distributed SettingMust Understand All Constituent SystemsInterplay of Stakeholders, Users, Sec. Officers
DCP-*
CSE5095
Three-Pronged Security EmphasisSecure Software DesignviaUMLwith MAC/RBACSecure Information Exchangevia XMLwith MAC/RBACSecure MAC/RBAC Interactions via Middleware in Distributed Setting AssuranceRBAC, DelegationMAC Properties: Simple Integrity, Simple Security, etc.SafetyLiveness
DCP-*
CSE5095
Secure Software Design - T. DoanOther Possibilities: Reverse Engineer Existing Policy toLogic Based DefinitionUML Model with Security Capture all Security Requirements!Bi-Directional Translation - Prove thatall UML Security Definitions in UML in Logic-Based Policy Language and vice-versa
DCP-*
CSE5095
RBAC/MAC at Design LevelSecurity as First Class Citizen in the Design ProcessUse Cases and Actors (Roles) Marked with Security LevelsDynamic Assurance Checks to Insure that Connections Do Not Violate MAC Rules
DCP-*
CSE5095
Secure Software Design - J. PavlichWhat are Aspects?System Properties that Apply Across an Entire ApplicationSamples: Security, Performance, etc.What is Aspect Oriented Programming?Separation of Components and Aspects from One Another with Mechanisms to Support Abstraction and Composition for System DesignWhat is Aspect Oriented Software Design?Focus on Identifying Components, Aspects, Compositions, etc.Emphasis on Design Process and Decisions
DCP-*
CSE5095
Aspects for Security in UMLConsider the Class Diagram below that Captures Courses, Documents, and Grade RecordsWhat are Possible Roles?How can we Define Limitations of Role Against Classes?
DCP-*
CSE5095
A Role-Slice for Professors
DCP-*
CSE5095
A Role Slide for Students
DCP-*
CSE5095
Middleware-Based Security - C. PhillipsArtifacts: DB, Legacy, COTS, GOTS, with APIsNew/Existing Clients use APIsCan we Control Access to APIs (Methods) by Role (who)Classification (MAC)Time (when)Data (what)DelegationLegacyCOTSGOTSDatabaseNETWORKJavaClientLegacyClientDatabaseClientCOTSClientWorking Prototype AvailableusingCORBA, JINI, Java,Oracle
DCP-*
CSE5095
Process-Oriented View
DCP-*
CSE5095
Security for XML DocumentsEmergence of XML for Document/Information ExchangeExtend RBAC/MAC to XMLCollection of Security DTDsDTDs for Roles, Users, and ConstraintsCapture RBAC and MACApply Security DTDs to XML DocumentsAn XML Document Appears Differently Based on Role, MAC, Time, ValueSecurity DTD Filters DocumentSecurity DTDsn Role DTDn User DTDn Constraint DTD
ApplicationApplication DTDsApplication XML FilesAppl_Role.xmlAppl _User.xmlAppl_Constraint.xmlSecurity Officer Generates Security XML files for the ApplicationApplicationDTDs and XMLUsers Role Determines the Scope of Access to Each XML Document
DCP-*
CSE5095
Concluding RemarksObjective is for Everyone to Think about the Range, Scope, and Impact of SecurityQuestion-Based Approach Intended to Frame the DiscussionProposed Solution for Distributed EnvironmentCurrent UConn FociSecure Software DesignMiddleware RealizationXML Document CustomizationConsider these and Other Issues for DCP
Good Morning!
I am Chip Phillips and I will be presenting the following. I am a first year Ph.D. student at the University of Connecticut. I am also a LTC in the United States Army sent to UConn in preparation for future instructor duty at the U.S. Military Academy at West Point, NY. I am relatively new to the security research area, and will be attending a security workshop in Italy for 2 weeks in at the end of September.This is how I will cover the topic this morning. This overview follows the outline of the paper. However, I will be concentrating on our proposed software architecture and prototype work.Next, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveThis is how I will cover the topic this morning. This overview follows the outline of the paper. However, I will be concentrating on our proposed software architecture and prototype work.This is how I will cover the topic this morning. This overview follows the outline of the paper. However, I will be concentrating on our proposed software architecture and prototype work.Next, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNote: Signature of service is incomplete: name, parameter types, return typesThe signature of a method is the method name, return type, and parameter names and types.
These are the three referenced resources. We will discuss each individually but not with the detail in the paper. This is how they compare.
Role-Based Privileges -define role- grant revoke access- registration Services
Authorization List- Client Profile (clients are not only people)- Authorize Role
Security Registration- Identity RegistrationNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: aboveNext, we will bring together the concept of this lookup service and security, specifically, role-based security.
Current- requires programmer intervention- does not consider roleGoal- off slideApproach- use facets and capabilities of a distributed resource environment as conceptual underpinnings to construct a set of resources for role-based security definition, authorization, authentication, and enforcement.- create resources to set up and enforce security policy- The resources are: above