role-based security in a distributed resource environment*
DESCRIPTION
Role-Based Security in a Distributed Resource Environment*. Profs. Steven A. Demurjian and T.C. Ting J. Balthazar, H. Ren, and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The University of Connecticut Storrs, Connecticut 06269-3155. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/1.jpg)
IFIP 2000-1
Profs. Steven A. Demurjian and T.C. TingJ. Balthazar, H. Ren, and C. Phillips
Computer Science & Engineering Department191 Auditorium Road, Box U-155
The University of ConnecticutStorrs, Connecticut 06269-3155
http://www.engr.uconn.edu/[email protected]
Role-Based Security in a Distributed Role-Based Security in a Distributed Resource Environment*Resource Environment*
Dr. Paul BarrThe MITRE Corp145 Wyckoff Road
Eatontown, New Jersey [email protected]
*This work supported in part by a research contract from the Mitre Corporation (Eatontown, NJ) and a research grant from AFOSR
![Page 2: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/2.jpg)
IFIP 2000-2
OverviewOverview
Goals of Our Research EffortGoals of Our Research Effort Sun’s JINI TechnologySun’s JINI Technology A Software Architecture for Role-Based SecurityA Software Architecture for Role-Based Security
Proposed Software Architecture Security Resources and Services Security Client and Resource Interactions Client Interactions and Processing
Experimental Prototypes Experimental Prototypes JINI Prototype of Role Based Approach Security Client Prototype
Related WorkRelated Work Conclusions and Future WorkConclusions and Future Work
![Page 3: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/3.jpg)
IFIP 2000-3
Goals of Our Research EffortGoals of Our Research Effort
Incorporation of Role-Based Approach within Incorporation of Role-Based Approach within Distributed Resource EnvironmentDistributed Resource Environment Highly-Available Distributed Applications
Constructed Using Middleware Tools Demonstrate Use of JINI to Provide Selective
Access of Clients to Resources Based on Role Propose Software Architecture and Role-Based Propose Software Architecture and Role-Based
Security Model forSecurity Model for Authorization of Clients Based on Role Authentication of Clients and Resources Enforcement so Clients Only Use Authorized
Services (of Resource) Propose Security Solution for Distributed Propose Security Solution for Distributed
Applications for Clients and Services (Resources)Applications for Clients and Services (Resources)
![Page 4: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/4.jpg)
IFIP 2000-4
Sun’s JINI TechnologySun’s JINI Technology
Construct Distributed Applications Using JINI by Construct Distributed Applications Using JINI by Federating Groups of Users Resources Provide Services for Users
A A ResourceResource Provides a Set of Services for Use by Provides a Set of Services for Use by Clients (Users) and Other Resources (Services)Clients (Users) and Other Resources (Services)
A A ServiceService is Similar to a Public Method is Similar to a Public Method Exportable - Analogous to API Any Entity Utilized by Person or Program Samples Include:
Computation, Persistent Store, Printer, Sensor Software Filter, Real-Time Data Source
Services: Concrete Interfaces of Components Services Register with Services Register with Lookup ServiceLookup Service
![Page 5: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/5.jpg)
IFIP 2000-5
Sun’s JINI TechnologySun’s JINI TechnologyKey JINI Concepts and TermsKey JINI Concepts and Terms
RegistrationRegistration of Services via of Services via Leasing MechanismLeasing Mechanism Resource Leases Services to Lookup Service Resources Renew Services Prior to Expiration If not, Services Become Unavailable Lookup Service Maintains Registry Services as Available “Components”
Leasing Supports High-AvailabilityLeasing Supports High-Availability Registration and Renewal Process Upon Failure, Services Removed from Registry
Clients, Resources, Lookup Can Occupy Same or Clients, Resources, Lookup Can Occupy Same or Different Computing NodesDifferent Computing Nodes
![Page 6: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/6.jpg)
IFIP 2000-6
Sun’s JINI TechnologySun’s JINI TechnologyJoin, Lookup, and Service InvocationJoin, Lookup, and Service Invocation
ClientResource
Service ObjectService Attributes
Lookup ServiceRequestServiceAddCourse(CSE900)
ReturnService
Proxy toAddCourse( )
Join
Register & Lease Services CourseDB ClassContains Method AddCourse ( )
1. Client Invokes AddCourse(CSE900) on Resource2. Resource Returns Status of Invocation
Service Invocation via Proxy by Transparent RMI Call
Service Object
Service Attributes
Registry of Entries
![Page 7: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/7.jpg)
IFIP 2000-7
Proposed Software ArchitectureProposed Software Architecturefor Role-Based Securityfor Role-Based Security
Many Current Lookup ServicesMany Current Lookup Services Successfully Dictates Service Utilization Requires Programmatic Solution for Security Does Not Selectively and Dynamically Control
Access Based on Client Role Security of a Distributed Resource Should Security of a Distributed Resource Should
Selectively and Dynamically Control Client Access Selectively and Dynamically Control Client Access to Services Based on the Roleto Services Based on the Role
Our ApproachOur Approach Define Dedicated Resources to Authorize,
Authenticate, and Enforce Security by Role Proposed Resources
Role-Based Privileges, Authorization List, Security Registration
![Page 8: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/8.jpg)
IFIP 2000-8
Proposed Software ArchitectureProposed Software Architecturefor Role-Based Securityfor Role-Based Security
Resources Provide ServicesClients Using Services
Figure 3.1: General Architecture of Clients and Resources.
Role-BasedPrivileges
AuthorizationList
Security Registration
Legacy
COTS
COTS
Database
Database
LookupService
LookupService
JavaClient
JavaClient
LegacyClient
DatabaseClient
SoftwareAgent
COTSClient
![Page 9: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/9.jpg)
IFIP 2000-9
Security Resources and ServicesSecurity Resources and Services
Role-Based Privileges ResourceRole-Based Privileges Resource Define User-role Grant/Revoke Access of Role to Resource Register Services
Authorization List ResourceAuthorization List Resource Maintains Client Profile (Many Client Types) Client Profile and Authorize Role Services
Security Registration ResourceSecurity Registration Resource Register Client Service Identity Registration at Startup Uses IP Address
Services of ResourceServices of Resource Functionally Separated and Organized Resemble Method Definitions (OO)
![Page 10: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/10.jpg)
IFIP 2000-10
The Services of theThe Services of theRole-Based Privilege ResourceRole-Based Privilege Resource
Figure 3.2: The Services and Methods for Security Resources.
Register Client Service Register_Client(C_Id, IP_Addr, UR); UnRegister_Client(C_Id, IP_Addr, UR); IsClient_Registered(C_Id); Find_Client(C_Id, IP_Addr); Find_All_Active_Clients();
Authorization-List Services
Security Registration Services
Authorize Role Service Grant_UR_Client(UR_Id, C_Id); Revoke_UR_Client(UR, C_Id); Find_AllUR_Client(C_Id); Verify_UR_Client(UR, C_Id); Find_All_Clients_UR(UR);
Client Profile Service Create_New_Client(C_Id); Delete_Client(C_Id); Find_Client(C_Id); Find_All_Clients();
Register Service Register_Resource(R_Id); Register_Service(R_Id, S_Id); Register_Method(R_Id, S_Id, M_Id); UnRegister_Resource(R_Id); UnRegister_Service(R_Id, S_Id); UnRegister_Method(R_Id, S_Id, M_Id);
Query Privileges Service Check_Privileges(UR_Id, R_Id, S_Id, M_Id);
Grant-Revoke Service Grant_Resource(UR_Id, R_Id); Grant_Service(UR_Id, R_Id, S_Id); Grant_Method(UR_Id, R_Id, S_Id, M_Id); Revoke_Resource(UR, R_Id); Revoke_Service(UR, R_Id, S_Id); Revoke_Method(UR, R_Id, S_Id, M_Id); Find_AllUR_Resource(R_Id); Find_AllUR_Service(R_Id, S_Id); Find_AllUR_Method(R_Id, S_Id, M_Id); Find_UR_Privileges(UR);
User Role Service Create_New_Role(UR_Name, UR_Disc, UR_Id); Delete_Role(UR_Id); Find_UR_Name(UR_Name); Find_UR_Id(UR_Id);
Role-Based Privileges Services
![Page 11: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/11.jpg)
IFIP 2000-11
The Services of theThe Services of theAuthorization-List ResourceAuthorization-List Resource
Figure 3.2: The Services and Methods for Security Resources.
Register Client Service Register_Client(C_Id, IP_Addr, UR); UnRegister_Client(C_Id, IP_Addr, UR); IsClient_Registered(C_Id); Find_Client(C_Id, IP_Addr); Find_All_Active_Clients();
Authorization-List Services
Security Registration Services
Authorize Role Service Grant_UR_Client(UR_Id, C_Id); Revoke_UR_Client(UR, C_Id); Find_AllUR_Client(C_Id); Verify_UR_Client(UR, C_Id); Find_All_Clients_UR(UR);
Client Profile Service Create_New_Client(C_Id); Delete_Client(C_Id); Find_Client(C_Id); Find_All_Clients();
Register Service Register_Resource(R_Id); Register_Service(R_Id, S_Id); Register_Method(R_Id, S_Id, M_Id); UnRegister_Resource(R_Id); UnRegister_Service(R_Id, S_Id); UnRegister_Method(R_Id, S_Id, M_Id);
Query Privileges Service Check_Privileges(UR_Id, R_Id, S_Id, M_Id);
Grant-Revoke Service Grant_Resource(UR_Id, R_Id); Grant_Service(UR_Id, R_Id, S_Id); Grant_Method(UR_Id, R_Id, S_Id, M_Id); Revoke_Resource(UR, R_Id); Revoke_Service(UR, R_Id, S_Id); Revoke_Method(UR, R_Id, S_Id, M_Id); Find_AllUR_Resource(R_Id); Find_AllUR_Service(R_Id, S_Id); Find_AllUR_Method(R_Id, S_Id, M_Id); Find_UR_Privileges(UR);
User Role Service Create_New_Role(UR_Name, UR_Disc, UR_Id); Delete_Role(UR_Id); Find_UR_Name(UR_Name); Find_UR_Id(UR_Id);
Role-Based Privileges Services
![Page 12: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/12.jpg)
IFIP 2000-12
The Services of theThe Services of theSecurity Registration ResourceSecurity Registration Resource
Figure 3.2: The Services and Methods for Security Resources.
Register Client Service Register_Client(C_Id, IP_Addr, UR); UnRegister_Client(C_Id, IP_Addr, UR); IsClient_Registered(C_Id); Find_Client(C_Id, IP_Addr); Find_All_Active_Clients();
Authorization-List Services
Security Registration Services
Authorize Role Service Grant_UR_Client(UR_Id, C_Id); Revoke_UR_Client(UR, C_Id); Find_AllUR_Client(C_Id); Verify_UR_Client(UR, C_Id); Find_All_Clients_UR(UR);
Client Profile Service Create_New_Client(C_Id); Delete_Client(C_Id); Find_Client(C_Id); Find_All_Clients();
Register Service Register_Resource(R_Id); Register_Service(R_Id, S_Id); Register_Method(R_Id, S_Id, M_Id); UnRegister_Resource(R_Id); UnRegister_Service(R_Id, S_Id); UnRegister_Method(R_Id, S_Id, M_Id);
Query Privileges Service Check_Privileges(UR_Id, R_Id, S_Id, M_Id);
Grant-Revoke Service Grant_Resource(UR_Id, R_Id); Grant_Service(UR_Id, R_Id, S_Id); Grant_Method(UR_Id, R_Id, S_Id, M_Id); Revoke_Resource(UR, R_Id); Revoke_Service(UR, R_Id, S_Id); Revoke_Method(UR, R_Id, S_Id, M_Id); Find_AllUR_Resource(R_Id); Find_AllUR_Service(R_Id, S_Id); Find_AllUR_Method(R_Id, S_Id, M_Id); Find_UR_Privileges(UR);
User Role Service Create_New_Role(UR_Name, UR_Disc, UR_Id); Delete_Role(UR_Id); Find_UR_Name(UR_Name); Find_UR_Id(UR_Id);
Role-Based Privileges Services
![Page 13: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/13.jpg)
IFIP 2000-13
Security Client and Resource InteractionsSecurity Client and Resource Interactions
Figure 3.3: Security Client and Database Resource Interactions.
Role-BasedPrivileges
AuthorizationList
Security Registration
LookupService
SecurityClient
Find_Client(C_Id, IP_Addr); Find_All_Active_Clients();
Discover Service Return Proxy
GeneralResource
Grant_UR_Client(UR_Id, C_Id); Revoke_UR_Client(UR, C_Id); Find_AllUR_Client(C_Id); Find_All_Clients_UR(UR);
Create_New_Role(UR_Name, UR_Disc, UR_Id); Delete_Role(UR_Id); Find_UR_Name(UR_Name); Find_UR_Id(UR_Id); Grant_Resource(UR_Id, R_Id); Grant_Service(UR_Id, R_Id, S_Id); Grant_Method(UR_Id, R_Id, S_Id, M_Id); Revoke_Resource(UR, R_Id); Revoke_Service(UR, R_Id, S_Id); Revoke_Method(UR, R_Id, S_Id, M_Id); Find_AllUR_Resource(UR,R_Id); Find_AllUR_Service(UR,R_Id,S_Id); Find_AllUR_Method(UR,R_Id,S_Id,M_Id); Find_UR_Privileges(UR);
Register_Resource(R_Id); Register_Service(R_Id, S_Id);Register_Method(R_Id, S_Id, M_Id);UnRegister_Resource(R_Id);UnRegister_Service(R_Id, S_Id);UnRegister_Method(R_Id, S_Id, M_Id);
Create_New_Client(C_Id); Delete_Client(C_Id); Find_Client(C_Id); Find_All_Clients();
![Page 14: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/14.jpg)
IFIP 2000-14
8. Check_Privileges(UR,R_Id,S_Id,M_Id);
Client Interactions and ProcessingClient Interactions and Processing
DatabaseResource
Figure 3.4: Client Interactions and Service Invocations.
Role-BasedPrivileges
AuthorizationList
Security Registration
LookupService
GUIClient
1. Register_Client(C_Id, IP_Addr,UR);
2. Verify_UR_Client(UR,C_Id);
Discover Service Return Proxy
3. Client OK?
4. Registration OK?
5. ModifyAttr(C_ID,UR,Value)
6.IsClient_Registered(C_ID)
7. Registration OK?
9. Privileges OK?
10. Modification OK?
![Page 15: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/15.jpg)
IFIP 2000-15
Two Experimental PrototypesTwo Experimental Prototypes
JINI Prototype of Role Based ApproachJINI Prototype of Role Based Approach University Database (UDB) Initial GUI for Sign In (Authorization List) Student/faculty GUI Client (Coursedb) Access to Methods Limited Based on Role
(Ex: Only Student Can Enroll in a Course) Security Client Prototype Security Client Prototype
Generic Tool Uses Three Resources and Their Services
Role-Based Privileges Authorization-List Security Registration
![Page 16: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/16.jpg)
IFIP 2000-16
Experimental Prototype OneExperimental Prototype One JINI Prototype of Role Based Approach JINI Prototype of Role Based Approach
Figure 4.1: An Architecture of URBS based on JINI Technology.
JavaGUI
Client1
JINILookupService
Author.List Res.(copy 2)
Author.List Res.(copy 1)
Role-BasedPrivileges &
Sec. Reg.
JavaGUI
Client2
CourseDBResource(copy 1)
CourseDBResource(copy 2)
Role-BasedPrivileges &
Sec. Reg.
DBServer Service GetClasses(); PreReqCourse(); GetVacantClasses(); EnrollCourse(); AddCourse(); RemoveCourse(); UpdateCourse().
![Page 17: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/17.jpg)
IFIP 2000-17
Experimental Prototype OneExperimental Prototype OneExecution ProcessExecution Process
Figure 4.2: Execution Process for Architecture.
JavaGUI
Client1
JINILookupService
Role-BasePrivileges &
Sec. Reg.
1a, 5a
1b, 5b
2
4
6
CourseDBResource
8a
9a 8b
9b10
7a 7b
Author.List Res.
3aa3b
1a. Discover Register_Client Service1b. Return Service Proxy2. Register the Client3a. Is Client Authorized?3b. Succeed - return Role4. Return Success or Failure5a. Discover CourseDB Service5b. Return Service Proxy6. Invoke a Method, e.g., Invoke EnrollCourse()7a. Discover Role-Based Priv. & Sec. Reg. Services7b. Return Service Proxies8a. Is Client Registered?8b. Return Yes or No9a. Can Client Invoke Method?10. addCourse() or do nothing
![Page 18: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/18.jpg)
IFIP 2000-18
Experimental Prototype TwoExperimental Prototype TwoThe Security Client PrototypeThe Security Client Prototype
Figure 4.3: Initial Security Client Screen.
![Page 19: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/19.jpg)
IFIP 2000-19
RecallRecallSecurity Resources and ServicesSecurity Resources and Services
Figure 3.2: The Services and Methods for Security Resources.
Register Client Service Register_Client(C_Id, IP_Addr, UR); UnRegister_Client(C_Id, IP_Addr, UR); IsClient_Registered(C_Id); Find_Client(C_Id, IP_Addr); Find_All_Active_Clients();
Authorization-List Services
Security Registration Services
Authorize Role Service Grant_UR_Client(UR_Id, C_Id); Revoke_UR_Client(UR, C_Id); Find_AllUR_Client(C_Id); Verify_UR_Client(UR, C_Id); Find_All_Clients_UR(UR);
Client Profile Service Create_New_Client(C_Id); Delete_Client(C_Id); Find_Client(C_Id); Find_All_Clients();
Register Service Register_Resource(R_Id); Register_Service(R_Id, S_Id); Register_Method(R_Id, S_Id, M_Id); UnRegister_Resource(R_Id); UnRegister_Service(R_Id, S_Id); UnRegister_Method(R_Id, S_Id, M_Id);
Query Privileges Service Check_Privileges(UR_Id, R_Id, S_Id, M_Id);
Grant-Revoke Service Grant_Resource(UR_Id, R_Id); Grant_Service(UR_Id, R_Id, S_Id); Grant_Method(UR_Id, R_Id, S_Id, M_Id); Revoke_Resource(UR, R_Id); Revoke_Service(UR, R_Id, S_Id); Revoke_Method(UR, R_Id, S_Id, M_Id); Find_AllUR_Resource(R_Id); Find_AllUR_Service(R_Id, S_Id); Find_AllUR_Method(R_Id, S_Id, M_Id); Find_UR_Privileges(UR);
User Role Service Create_New_Role(UR_Name, UR_Disc, UR_Id); Delete_Role(UR_Id); Find_UR_Name(UR_Name); Find_UR_Id(UR_Id);
Role-Based Privileges Services
![Page 20: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/20.jpg)
IFIP 2000-20
Experimental Prototype TwoExperimental Prototype TwoRole-Based Privilege Resource & ServicesRole-Based Privilege Resource & Services
Figure 4.4: The Role-Based Privileges Services Screen
![Page 21: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/21.jpg)
IFIP 2000-21
Experimental Prototype TwoExperimental Prototype Two Authorization List Resource & Services Authorization List Resource & Services
Figure 4.5: The Authorization-List Services Screen.
![Page 22: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/22.jpg)
IFIP 2000-22
Experimental Prototype TwoExperimental Prototype Two Security Registration Resource & Services Security Registration Resource & Services
Figure 4.6: The Security Registration Services Screen.
![Page 23: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/23.jpg)
IFIP 2000-23
Related WorkRelated Work
Security Policy & Security Policy & Enforcement (OS Security)Enforcement (OS Security) Security Filters and
Screens Header Encryption User-level Authen. IP Encapsulation Key Mgmt. Protocols Browser Security
Use of EncryptionUse of Encryption Access Control Securing Comm.
Channel Establishing a Trusted
Computer Base Network Services
Kerberos and Charon
Security: Mobile AgentsSecurity: Mobile Agents Saga Security
Architecture Access Tokens Control Vectors Security Monitor
Concordia Storage Protection Transmission
Protection Server Resource
Protection Other Topics
Trust Appraisal Metric Analysis Short-lived Certificates Seamless Object
Authentication
![Page 24: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/24.jpg)
IFIP 2000-24
ConclusionsConclusions
For a Distributed Resource EnvironmentFor a Distributed Resource Environment Proposed & Explained a Role-Based Approach Authorize, Authenticate, and Enforce
Presented an Software Architecture ContainingPresented an Software Architecture Containing Role-Based Security Model for a Distributed
Resource Environment Security Registration, Authorization-List, and
Role-based Privileges Resources Developed Two Independent PrototypesDeveloped Two Independent Prototypes
JINI-Based Prototype for Role-Based Security Model that Allows Clients to Access Resources Based on Role
Security Client for Establishing Privileges
![Page 25: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/25.jpg)
IFIP 2000-25
Future WorkFuture Work
Negative PrivilegesNegative Privileges Chaining of Resource Invocations Client Uses S1 on R1 that Calls S2 on R2 Client Authorized to S1 but Not S2
Multiple Security ClientsMultiple Security Clients What Happens When Multiple Security Clients
Attempt to Modify Privileges at Same Time? Is Data Consistency Assured?
Leasing Concept available with JINILeasing Concept available with JINI Leasing Allows Services to Expire Can Role-Based Privileges Also Expire?
![Page 26: Role-Based Security in a Distributed Resource Environment*](https://reader034.vdocuments.site/reader034/viewer/2022042822/56812aee550346895d8ed339/html5/thumbnails/26.jpg)
IFIP 2000-26
Future WorkFuture Work
Location of Client vs. Affect on ServiceLocation of Client vs. Affect on Service What if Client in on Local Intranet? What if Client is on WAN? Are Privileges Different?
Tracking Computation for Identification PurposesTracking Computation for Identification Purposes Currently Require Name, Role, IP Addr, Port # How is this Tracked when Dynamic IP
Addresses are Utilized? Integration of the the Two PrototypesIntegration of the the Two Prototypes
Combining Both Prototypes into Working System
Likely Semester Project during Fall 2000