Delegation of Authority (DyVOSE project)

David Chadwick University of Kent

21 June 2006

Copyright 2006 University of Kent

What is Delegation of Authority?


Allowing someone to act on your behalf to perform tasks (consume resources) that are available to you
Delegator should be empowered to delegate to anyone he needs to, subject to certain organisation controls (i.e. the organisation's Delegation Policy)


How do you delegate to others today?


To enter your house and fetch something
If your house is locked?

To use your PC
If it is protected by a username and password?

To withdraw money from your bank account


Using an ATM?

What is the problem with these existing delegation mechanisms?


The other person usually masquerades as you, or impersonates you
There is no control on what they can do
Anything you can do, they can do


What is a better solution?


The delegate should act in his own name, not in yours
Then a full audit trail can be kept of who did what

The delegate should have limited authority


So that you can delegate a fraction of your powers


Assigning and Delegating Privileges in Organisations


Resource Owner: "I authorise this Privilege Holder to use this resource in the following ways", signed The Resource Owner
Resource Owner assigns privilege to Privilege Holder
Privilege Holder: "I delegate authority to this End User to use this resource in this limited way", signed The Privilege Holder
Privilege Holder delegates privilege to End User (Privilege Holder)
"Can I use the Resource"

Privilege Checking in Organisations


End User (Privilege Holder) issues a command (Asserts Privilege): "Please purchase this product from company X", signed the End User
Privilege Verifier: Q. Is this user authorised to purchase these goods?

Access Control
Usually based on access control lists
This list of users can do these things

Examples
Ed and Jake can read the exam results file on the Kent University website
Jo and Zoe get 10% discount when electronically shopping at Tescos

PROBLEMS
You need to know the names of all the users
Very difficult to scale to Internet proportions where there are millions of users

Role Based Access Control


Users are given roles (or attributes)
Holders of attributes are given access permissions

Examples
Ed and Jake are Students at Kent University
Students at Kent University can read the exam results file on the website
Jo and Zoe are Tesco Clubcard holders
Tesco Clubcard holders get 10% discount when shopping electronically at Tescos

Delegation of Authority with Role Based Access Controls


Users who have attributes (or roles) can delegate these to other users
Users can also delegate subordinate roles
E.g. professor is superior to academic staff is superior to PG student is superior to UG student
A professor can delegate the academic staff role, or the PG student role or the UG student role so as to delegate partial privileges

Assigning Privileges Electronically


- using X.509 Attribute Certificates

SOA = Source of Authority
AA = Attribute Authority

[Diagram: Bill (SOA) issues AC to Alice (AA); Alice issues AC to Bob (End Entity). Each AC points to its issuer and points to its holder.]

An Attribute Certificate is a digitally signed electronic document that says that this holder has been given these attributes by this issuer

Main points of this system


Every delegated attribute (or role) is digitally signed so that it cannot be tampered with or altered
Each attribute certificate says who the delegator and delegatee are (issuer and holder)
Very secure way of delegating authority
BUT each user needs a digital signing key and digital certificate
How many of you have digital certificates and signing keys?
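
The chain of attribute certificates and the role hierarchy from the preceding slides, as an added Python example (not part of the original presentation or of the project's code): a verifier walks each AC from holder to issuer until it reaches the SOA, and rejects any AC whose issuer did not itself hold a role at least as senior as the one it gave away. Assumptions: signatures are taken as already checked, a role implies its subordinate roles, and Carol and Dan are constructed names.

```python
from dataclasses import dataclass

# Role hierarchy from the slide, most senior first.
HIERARCHY = ["professor", "academic staff", "PG student", "UG student"]

def dominates(superior, subordinate):
    """True if `superior` is the same role as, or senior to, `subordinate`."""
    return HIERARCHY.index(superior) <= HIERARCHY.index(subordinate)

@dataclass(frozen=True)
class AC:
    issuer: str   # delegator
    holder: str   # delegatee
    role: str     # delegated attribute

def validate(holder, role, acs, soa, seen=frozenset()):
    """Return the AC chain from the SOA down to `holder` that justifies `role`, or None."""
    for ac in acs:
        if ac.holder != holder or ac in seen or not dominates(ac.role, role):
            continue
        if ac.issuer == soa:          # chain is rooted in the Source of Authority
            return [ac]
        # The issuer must hold a role at least as senior as the one it delegated.
        upstream = validate(ac.issuer, ac.role, acs, soa, seen | {ac})
        if upstream is not None:
            return upstream + [ac]
    return None

# Constructed sample data: Bill is the SOA, Alice an AA, Bob an end entity.
SOA = "Bill"
ACS = [
    AC("Bill", "Alice", "professor"),
    AC("Alice", "Bob", "PG student"),     # partial delegation of a subordinate role
    AC("Bill", "Carol", "UG student"),
    AC("Carol", "Dan", "professor"),      # Carol tries to delegate more than she holds
]

if __name__ == "__main__":
    for user, role in [("Bob", "PG student"), ("Bob", "academic staff"), ("Dan", "professor")]:
        print(user, role, validate(user, role, ACS, SOA) is not None)
```
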

The Delegation Issuing Service


[Diagram: Bill (SOA), Alice (AA), Delegation Issuing Service (DIS) and Bob (End Entity), connected by arrows labelled "Issues AC to". The AC points to holder, points to issuer, and points to Issued On Behalf Of.]

Advantages of the Delegation Issuing Service


Users don't need to have signing keys since the DIS signs the Attribute Certificates on their behalf
The DIS keeps a central record (audit trail) of who has delegated what to whom
The DIS has a Delegation Policy to control who can delegate what to whom
The process of privilege checking is very efficient since all ACs are issued by the DIS (and not by lots of different users)

Our DIS System


[Diagram labels: Request; Web service interface; DIS; Authenticate the User; Authorisation; PERMIS Decision Engine; Delegation Policy; IssueAC; Sign AC; publishAC; LDAP server]

The Delegation of Authority Demo


Public web page
Secure web page only available to users with Researcher role
Role Hierarchy
Anyone with Admin or Researcher role can delegate Researcher role to anyone else in Staff domain

Delegation Demo (cont)


Simon is already a researcher
Simon would like to delegate to Sarah to access his resource
Simon accesses the Delegation Issuing Service and assigns the Researcher role to Sarah
Sarah can now access the resource
Simon then revokes the researcher role
Sarah no longer has access
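
The demo sequence above, modelled as an added Python example (not the PERMIS or DyVOSE code): a toy Delegation Issuing Service that checks the demo's Delegation Policy, issues ACs in its own name with the delegator recorded as "on behalf of", keeps the audit trail, and supports revocation. The class and field names, the user Eve and the "Student" domain are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Delegation Policy from the demo slide: role -> who may delegate it, and into which domain.
POLICY = {"Researcher": {"delegators": {"Admin", "Researcher"}, "domain": "Staff"}}

@dataclass
class DIS:
    domains: dict                               # user -> domain (constructed directory data)
    acs: list = field(default_factory=list)     # ACs issued so far
    audit: list = field(default_factory=list)   # central audit trail

    def roles(self, user):
        return {ac["role"] for ac in self.acs if ac["holder"] == user and not ac["revoked"]}

    def delegate(self, delegator, delegatee, role):
        rule = POLICY.get(role)
        ok = bool(rule and self.roles(delegator) & rule["delegators"]
                  and self.domains.get(delegatee) == rule["domain"]
                  and delegator != delegatee)
        self.audit.append(("delegate", delegator, delegatee, role, ok))
        if not ok:
            return None
        # The DIS is the issuer; the delegator is only recorded, so needs no signing key.
        ac = {"issuer": "DIS", "on_behalf_of": delegator, "holder": delegatee,
              "role": role, "revoked": False}
        self.acs.append(ac)
        return ac

    def revoke(self, delegator, delegatee, role):
        hit = False
        for ac in self.acs:
            if (ac["on_behalf_of"], ac["holder"], ac["role"]) == (delegator, delegatee, role):
                ac["revoked"] = hit = True
        self.audit.append(("revoke", delegator, delegatee, role, hit))
        return hit

def can_access(dis, user):
    """Privilege verifier for the secure web page: Researcher role required."""
    return "Researcher" in dis.roles(user)

def demo():
    dis = DIS(domains={"Simon": "Staff", "Sarah": "Staff", "Eve": "Student"})
    dis.acs.append({"issuer": "DIS", "on_behalf_of": "SOA", "holder": "Simon",
                    "role": "Researcher", "revoked": False})  # Simon is already a researcher
    steps = [can_access(dis, "Sarah")]
    dis.delegate("Simon", "Sarah", "Researcher")
    steps.append(can_access(dis, "Sarah"))
    dis.revoke("Simon", "Sarah", "Researcher")
    steps.append(can_access(dis, "Sarah"))
    return dis, steps
```

`demo()` returns the service and Sarah's access before delegation, after delegation and after revocation; the refused requests in the audit trail show the policy being enforced at issuing time rather than at the resource.
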
