The SHANDS UF PORTAL
A Practical Approach for Web Portal Security Using Roles, Rules, Directories, and all that Stuff
The Roles Database 
What is a roles database?
The Roles Database 
What is a roles database? 
A roles database is a mechanism used to assign a user access to data or applications.
The Roles Database 
What is a roles database? 
Access control information for an enterprise should be hosted centrally, and made available to remote applications as needed. (1)
The Roles Database 
What is a roles database? 
The Roles data model must be based on a robust design to enable extension and customization. (2)
The Roles Database 
What is a roles database? 
Roles should be thought of as a core service that other applications will use, much like LDAP or DNS. (2)
The Roles Database 
What is a roles database? 
[Diagram: The UF data model. Tables: Users, User Group Role, Group Role, Group, Role, Group Role Permission, Permission.]
The Roles Database 
What is a roles database? 
A typical implementation: assign a set of permissions to a group and role, and then associate many users with the group and role…
The Roles Database 
What is a roles database? 
…in other words, who can do what to which data.
The Roles Database 
What is a roles database? 
Permission/group/role relationships tend to be very stable, while user/group/role relationships change often.
The Roles Database 
What is a roles database? 
Permissions, groups and roles should be centrally administered because they define organizational security policy.
The Roles Database 
What is a roles database? 
Associating users with groups and roles should be decentralized. Local administrators are familiar with employees and their functions.
The Roles Database 
What is a role? 
Role
The Roles Database 
What is a role? 
It depends who you talk to. Different dialects express similar concepts.
The Roles Database 
What is a role? 
In our model, a role defines a functional entity, e.g., “a sales manager”.
The Roles Database 
What is a group? 
Group
The Roles Database 
What is a group? 
A group is a logical way of combining and managing roles across a distributed enterprise.
The Roles Database 
What is a group? 
In our model, a group defines an organizational entity, e.g., “east region”.
The Roles Database 
Combining groups and roles 
[Diagram: a Group and a Role combine into a Group Role.]
The Roles Database 
Combining groups and roles 
A group and role are combined to provide very granular security across a distributed enterprise. Here are a couple of scenarios.
The Roles Database 
[Diagram: Group West / Role Manager and Group East / Role Manager.]
A national company might have a regional manager for each of its two divisions…
The Roles Database 
[Diagram: Group West / Role Manager and Group East / Role Manager.]
…each associated with a group defined to have permission to access only their own data…
The Roles Database 
[Diagram: Group West / Role Manager and Group East / Role Manager, both associated with one user.]
…while the national sales manager, being associated with both groups, has permission to access both.
The Roles Database 
[Diagram: Group EastWest / Role Manager above Group West / Role Manager and Group East / Role Manager.]
The data model supports inheritance...
The Roles Database 
What are rules?
The Roles Database 
What are rules? 
Rules define corporate security policy and should be stored once and shared with other applications. Basically, rules modify permissions.
The Roles Database 
What are rules? 
[Diagram: Group and Role join into Group Role; Group Role Permission links a Group Role to a Permission.]
The Group Role Permissions table stores access control rules.
The Roles Database 
What are rules? 
Storing rules at the group role permission level means that security can be different across groups with the same role...
The Roles Database 
What are rules? 
...Shands at UF doctors will have different permissions and/or different rules than doctors at other Shands hospitals.
The Roles Database 
What are rules? 
Storing rules at the group role permission level also means that security will be consistent within the group role...
The Roles Database 
What are rules? 
…the rules and permissions will be the same for all Shands at UF doctors.
The Roles Database 
How are rules implemented?
The Roles Database 
How are rules implemented? 
Access control rules are stored in XACML format, an emerging W3C standard.
The Roles Database 
How are rules implemented? 
It takes data and process together to define and implement a rule, so XACML rules are interpreted by subroutines (objects).
The Roles Database 
How are rules implemented? 
For example: a permission may be associated with multiple groups and roles...
The Roles Database 
How are rules implemented? 
Loop through user/group/role
    Call security object
    If OK say yes
End Loop
The Roles Database 
How are rules implemented? 
Rules and user/group/role associations never change; they can only expire. Use an effective timestamp and an expire timestamp.
The Roles Database 
What is a context?
The Roles Database 
What is a context? 
[Diagram: Users, User Group Role, Group, Role.]
A user is associated with one (or more) User Group Roles.
The Roles Database 
[Diagram: Users, User Group Role, Group, Role.]
A practicing physician might also be an administrator...
The Roles Database 
[Diagram: Users, User Group Role, Group, Role.]
…so she is associated with two User Group Roles.
The Roles Database 
Her portal functions are driven by her user group roles.
Tabs for each context
Menus are driven by Roles
The Roles Database 
If she leaves her administrative position, her administrative security would expire.
The Roles Database 
Her Administrator context would be unavailable to her; her Care Provider menus, preferences, and permissions would not be affected.
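The rule loop, the rule objects, the effective/expire timestamps and the context expiry described in the "How are rules implemented?" and "What is a context?" slides, carried through in working code as an added example that is not part of the original presentation. Table names, sample users, the rule callables and the reading of the inheritance slide (the EastWest group inheriting the permissions of West and East) are assumptions.

```python
"""Authorization check modelled on the roles database in the slides:
Users -> User Group Role -> Group Role -> Group Role Permission (with a rule).
Added example, not the Shands UF portal's own code; table names, rule callables,
sample data and the group inheritance map are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Callable, Dict, List, Optional, Set, Tuple

# A rule takes data and process together: here the "security object" is a
# callable judging the request dictionary (the slides store rules as XACML).
Rule = Callable[[dict], bool]

@dataclass(frozen=True)
class GroupRolePermission:
    """One Group Role Permissions row: which group+role may do what, under which rule."""
    group: str
    role: str
    permission: str
    rule: Rule

@dataclass(frozen=True)
class UserGroupRole:
    """One User Group Role row. Rows are never edited; they can only expire."""
    user: str
    group: str
    role: str
    effective: datetime
    expire: Optional[datetime] = None  # None: not yet expired

    def active(self, now: datetime) -> bool:
        return self.effective <= now and (self.expire is None or now < self.expire)

@dataclass
class RolesDatabase:
    # Assumed reading of the inheritance slide: a parent group (EastWest)
    # inherits the group role permissions of its child groups (West, East).
    children: Dict[str, List[str]] = field(default_factory=dict)
    group_role_perms: List[GroupRolePermission] = field(default_factory=list)
    user_group_roles: List[UserGroupRole] = field(default_factory=list)

    def group_closure(self, group: str) -> Set[str]:
        """The group itself plus every group it inherits from, transitively."""
        seen, todo = set(), [group]
        while todo:
            g = todo.pop()
            if g not in seen:
                seen.add(g)
                todo.extend(self.children.get(g, []))
        return seen

    def contexts(self, user: str, now: datetime) -> List[Tuple[str, str]]:
        """Active (group, role) pairs for a user: one portal tab per context."""
        return sorted({(u.group, u.role) for u in self.user_group_roles
                       if u.user == user and u.active(now)})

    def is_authorized(self, user: str, permission: str, request: dict, now: datetime) -> bool:
        """Loop through user/group/role, call the security object, say yes on first OK."""
        for ugr in self.user_group_roles:
            if ugr.user != user or not ugr.active(now):
                continue  # expired or not yet effective: contributes nothing
            groups = self.group_closure(ugr.group)
            for grp in self.group_role_perms:
                if (grp.role == ugr.role and grp.group in groups
                        and grp.permission == permission and grp.rule(request)):
                    return True
        return False  # deny by default

# Constructed sample timestamps: before and after Carol's administrator post ends.
NOW = datetime(2024, 3, 1)
LATER = datetime(2024, 8, 1)

def build_sample_db() -> RolesDatabase:
    """Constructed data for the slides' East/West and physician/administrator scenarios."""
    db = RolesDatabase(children={"EastWest": ["West", "East"]})
    db.group_role_perms += [
        # regional managers may read only their own region's data
        GroupRolePermission("West", "Manager", "read_sales", lambda req: req.get("region") == "West"),
        GroupRolePermission("East", "Manager", "read_sales", lambda req: req.get("region") == "East"),
        GroupRolePermission("ShandsUF", "CareProvider", "view_patient_list",
                            lambda req: req.get("site") == "UF"),
        GroupRolePermission("ShandsUF", "Administrator", "edit_schedules", lambda req: True),
    ]
    t0 = datetime(2024, 1, 1)
    db.user_group_roles += [
        UserGroupRole("alice", "West", "Manager", t0),           # regional manager
        UserGroupRole("bob", "EastWest", "Manager", t0),         # national manager
        UserGroupRole("carol", "ShandsUF", "CareProvider", t0),  # practicing physician...
        UserGroupRole("carol", "ShandsUF", "Administrator", t0, datetime(2024, 7, 1)),  # ...whose admin post expires
    ]
    return db
```

Because the administrator row expires instead of being deleted, Carol's Care Provider context and its permissions are untouched when her administrator access lapses.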
The Roles Database 
What about profiles?
The Roles Database 
What about profiles? 
Profiles allow a user to customize an application to suit their own personal preferences.
The Roles Database
What about profiles?
[Diagram: Users, User Group Role, Group, Role.]
Profiles are stored at the User Group Role level...
The Roles Database
What about profiles?
…as XML to be easily shared with other applications.
The Roles Database 
Where are profiles kept?
The Roles Database 
What about profiles? 
Since profiles are kept at the user group role level, preferences in one role may be different from preferences in another role.
The directory 
The Directory data model.
The directory 
[Diagram: The Directory data model. Entity (key: uuid) with related tables Name, Address, Phone, eMail, Identifier, Relationship, Access, Extension.]
The directory 
The Directory data model 
This is the meta Directory or the canonical source. Ultimately it must be the repository of all entities and feed other applications and LDAP.
The directory 
The Directory data model 
A Directory Entity has two subtypes: person and organization...
[Diagram: Entity (key: uuid) with subtypes Person and Organization.]
The directory 
The Directory data model 
New subtypes can be created as required.
[Diagram: Entity (key: uuid) with new subtypes.]
The directory 
The Directory data model 
The Relationship table is one of the more interesting tables. It associates two directory entities…
[Diagram: Entity (key: uuid) and Relationship.]
The directory 
The Directory data model 
...person works-for organization is a simple example. Policy must dictate valid relationships.
[Diagram: Person, Organization.]
The directory 
The Directory data model 
The Extension table is a CLOB that holds additional info in XML or other format...
The directory 
The Directory data model 
<PROFILE>
  <MEDIC>
    <CONTEXT>Administrator</CONTEXT>
  </MEDIC>
</PROFILE>
The directory 
The Directory data model 
The Access table tracks computer accounts.
The directory 
The Directory data model 
The rest are fairly standard: address, name, email, etc. All have a one-to-many relationship to Entity and support multiple types.
The directory 
The Directory data model 
The directory is populated by batch at this time and is fed from other sources, but we must turn that around quickly.
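A minimal version of the directory model described in this section (Entity with subtypes, a policy-checked Relationship table, and an Extension CLOB holding an XML profile), as an added example rather than the portal's own code. The relationship policy table, the registered extra subtype and the sample entities are assumptions; the profile XML is the one shown on the Extension slide.

```python
"""Directory data model sketch from the slides: an Entity with subtypes, a
Relationship table whose valid pairings are dictated by policy, and an Extension
CLOB holding an XML profile. Added example, not the portal's own code; the policy
table, subtypes beyond person/organization and the sample data are assumptions."""
import uuid
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Policy dictates valid relationships as (from subtype, relationship, to subtype).
# Constructed policy: only "person works-for organization" comes from the slides.
VALID_RELATIONSHIPS: Set[Tuple[str, str, str]] = {
    ("person", "works-for", "organization"),
    ("organization", "part-of", "organization"),
}

@dataclass(frozen=True)
class Entity:
    key: str      # uuid: the canonical identifier every other table refers to
    subtype: str  # "person", "organization", or a subtype registered later
    name: str

@dataclass(frozen=True)
class Relationship:
    """One Relationship row: associates two directory entities."""
    from_key: str
    relationship: str
    to_key: str

class Directory:
    """The meta directory: canonical source that feeds LDAP and other applications."""

    def __init__(self) -> None:
        self.subtypes: Set[str] = {"person", "organization"}
        self.entities: Dict[str, Entity] = {}
        self.relationships: List[Relationship] = []
        self.extensions: Dict[str, str] = {}  # entity key -> CLOB text (XML here)

    def register_subtype(self, subtype: str) -> None:
        """New subtypes can be created as required."""
        self.subtypes.add(subtype)

    def add_entity(self, subtype: str, name: str) -> Entity:
        if subtype not in self.subtypes:
            raise ValueError(f"unknown entity subtype {subtype!r}")
        entity = Entity(str(uuid.uuid4()), subtype, name)
        self.entities[entity.key] = entity
        return entity

    def relate(self, a: Entity, relationship: str, b: Entity) -> Relationship:
        """Insert a Relationship row only if policy allows this pairing."""
        if not policy_allows(a, relationship, b):
            raise ValueError(f"policy forbids {(a.subtype, relationship, b.subtype)}")
        row = Relationship(a.key, relationship, b.key)
        self.relationships.append(row)
        return row

    def related(self, a: Entity, relationship: str) -> List[Entity]:
        return [self.entities[r.to_key] for r in self.relationships
                if r.from_key == a.key and r.relationship == relationship]

    def set_extension(self, entity: Entity, xml_text: str) -> None:
        ET.fromstring(xml_text)  # reject malformed XML before it reaches the CLOB
        self.extensions[entity.key] = xml_text

    def profile_contexts(self, entity: Entity) -> List[str]:
        """CONTEXT values from the stored <PROFILE> extension (the slide's format)."""
        xml_text = self.extensions.get(entity.key)
        if xml_text is None:
            return []
        root = ET.fromstring(xml_text)
        return [c.text.strip() for c in root.iter("CONTEXT") if c.text]

def policy_allows(a: Entity, relationship: str, b: Entity) -> bool:
    return (a.subtype, relationship, b.subtype) in VALID_RELATIONSHIPS

# Constructed sample: the profile text is the one shown on the Extension slide.
SAMPLE_PROFILE = "<PROFILE><MEDIC><CONTEXT>Administrator </CONTEXT></MEDIC></PROFILE>"

def build_sample_directory() -> Tuple[Directory, Entity, Entity]:
    """A physician who works for a hospital, with her profile stored as an extension."""
    d = Directory()
    doctor = d.add_entity("person", "Dr. Carol Example")     # constructed name
    hospital = d.add_entity("organization", "Shands at UF")  # named on the slides
    d.relate(doctor, "works-for", hospital)
    d.set_extension(doctor, SAMPLE_PROFILE)
    return d, doctor, hospital
```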
A Portal Application
A group role application.
A Portal Application
A group role application.
The calendar is a group role aware portal application.
A Portal Application
A group role application.
Different calendars will show up in different contexts based upon a user’s profile data.
A Portal Application
A group role application.
There are many more group role aware applications in our portal, including customizable patient lists for doctors.
The Shands UF Portal
Review
The roles: access control rules
The directory: relationships between entities
The Roles Database 
Questions?
The Roles Database 
Thank you!
The Roles Database 
Sources
1. “The Roles Database at the Massachusetts Institute of Technology”, presentation by Jim Repa at EDUCAUSE Conference, October 29, 1999. http://www.educause.edu/ir/library/html/edu9942/edu9942.html
2. “Roles”, PowerPoint presentation by Ward Wilson, University of Florida DBA, 2002.
3. OASIS XML-based Access Control Markup Language (XACML). http://www.oasis-open.org/committees/docs
The Roles Database 
Acknowledgments
1. Thanks to Michael Lucas for preparing the first draft and providing the design and layout for this presentation.