Monday 5 December 2016

Organization based access control

software development companies

Introduction: Current approaches to access control and usage control rely on three entities: subject, action and object. Defining a security policy therefore consists in specifying security rules that apply to the {subject, action, object} triple, for instance a permission for some subject to perform some action on some object. One of the main goals of the OrBAC model is to let the policy designer define a security policy independently of its implementation.
The approach chosen to reach this goal is the introduction of an abstract level:
  • Subjects are abstracted into roles. A role is a set of subjects to which the same security rules apply.
  • Similarly, an activity is a set of actions to which the same security rules apply.
  • And a view is a set of objects to which the same security rules apply.
Several tools integrate OrBAC concepts, partly or entirely, in their implementation:
  • MotOrBAC: an OrBAC security policy editor
  • The OrBAC library: a set of Java classes that can implement and interpret OrBAC policies
  • Protekto: a tool developed by the SWID company
MotOrBAC:
MotOrBAC is an implementation of the OrBAC access control model. It provides an OrBAC policy specification tool and can also be used to simulate OrBAC policies. The GUI is open source. The OrBAC API, on top of which MotOrBAC has been developed, helps software developers integrate security mechanisms into their software.

OrBAC API
The OrBAC Application Programming Interface is a Java library designed to implement OrBAC policies programmatically. The API offers the following policy editing capabilities:

  • Abstract policy specification: organizations, roles, activities, views, contexts and abstract rules (permissions) can be defined, including hierarchies of organizations, roles, activities and views
  • Separation constraints and rule priorities can be specified to resolve conflicts between abstract rules
  • Several languages can be used to define contexts and entity definitions. Simple ad-hoc languages are provided to express time-based conditions or simple conditions on the attributes of existing entities (subject, action or object). Two more powerful languages, Java and Prolog, can be used to handle a wide variety of conditions
  • The administration policy (AdOrBAC policy) associated with an OrBAC policy can be specified using the same concepts and API methods
Protekto

The Protekto project consists in the development of a platform that centralizes the security policy by implementing authentication and authorization functions in the same platform. It uses the OrBAC model together with standards such as SAML 2.0, XACML 2.0 and OpenID 2.0. Open source libraries such as OpenSAML, OpenID4Java and SunXACML were reused during development. The platform is composed of three main entities:
  • Protekto IDP (Identity Provider)
  • Protekto SP (Service Provider)
  • Protekto PDP (Policy Decision Point)
Each component communicates with the others using SAML messages. The OpenID protocol is used in the Protekto IDP component, which can authenticate a user by password or OpenID. Protekto IDP is responsible for empowering subjects into roles and manages the subject attributes.

Protekto can be used to download content served by the Protekto SP. In this case the Protekto PDP is queried to determine whether the user trying to download the content is authorized to do so. In order to guarantee that privacy is enforce

Conclusion: The definition of the security policy is entirely parameterized by the organization, so that several security policies associated with different organizations can be handled simultaneously. The model is not limited to permissions: it also makes it possible to specify prohibitions and obligations. From the three abstract entities (roles, activities, views), abstract privileges are defined, and from these abstract privileges, concrete rights are derived.
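Added worked example (Python, written for this page; it is not the OrBAC API, MotOrBAC or Protekto code) of the derivation described in the introduction and the conclusion: one organization's empower/consider/use mappings, a context, and abstract permission and prohibition rules with priorities, from which the concrete right for a (subject, action, object) triple is derived. The hospital organization, its subjects, objects, rules and the urgency context are made-up sample data.

```python
from dataclasses import dataclass, field

# Constructed OrBAC-style engine (an illustration, not the OrBAC API): Empower,
# Consider and Use map concrete subjects/actions/objects onto the abstract
# roles/activities/views of one organization, Hold evaluates a context, and
# concrete rights are derived from abstract Permission/Prohibition rules.

@dataclass
class OrBACPolicy:
    org: str
    empower: dict = field(default_factory=dict)   # subject -> {roles}
    consider: dict = field(default_factory=dict)  # action -> {activities}
    use: dict = field(default_factory=dict)       # object -> {views}
    contexts: dict = field(default_factory=dict)  # name -> hold(s, a, o) -> bool
    rules: list = field(default_factory=list)     # (kind, role, act, view, ctx, prio)
    def add_rule(self, kind, role, activity, view, context="default", priority=0):
        assert kind in ("permission", "prohibition")
        self.rules.append((kind, role, activity, view, context, priority))
    def _hold(self, ctx, s, a, o):
        # The default context always holds; other contexts are predicates.
        return ctx == "default" or self.contexts[ctx](s, a, o)
    def applicable_rules(self, s, a, o):
        """Abstract rules whose role, activity, view and context match (s, a, o)."""
        return [r for r in self.rules
                if r[1] in self.empower.get(s, set())
                and r[2] in self.consider.get(a, set())
                and r[3] in self.use.get(o, set())
                and self._hold(r[4], s, a, o)]
    def is_permitted(self, s, a, o):
        """Closed policy: deny without an applicable permission; a prohibition
        wins unless some applicable permission has strictly higher priority."""
        rules = self.applicable_rules(s, a, o)
        perms = [r[5] for r in rules if r[0] == "permission"]
        prohibs = [r[5] for r in rules if r[0] == "prohibition"]
        return bool(perms) and (not prohibs or max(perms) > max(prohibs))

def hospital_policy():
    """Constructed sample organization; subjects, objects and rules are made up."""
    p = OrBACPolicy("hospital")
    p.empower = {"alice": {"physician"}, "bob": {"nurse"}}
    p.consider = {"read": {"consult"}, "write": {"update"}}
    p.use = {"rec42": {"medical_record"}, "rec7": {"medical_record"}}
    p.contexts["urgency"] = lambda s, a, o: o == "rec42"  # constructed urgency flag
    p.add_rule("permission", "physician", "consult", "medical_record")
    p.add_rule("permission", "physician", "update", "medical_record")
    p.add_rule("permission", "nurse", "consult", "medical_record")
    p.add_rule("prohibition", "nurse", "update", "medical_record")
    p.add_rule("permission", "nurse", "update", "medical_record", "urgency", priority=1)
    return p
```

With this sample, the nurse's prohibition on updating records blocks `bob` from writing `rec7`, while the higher-priority permission in the urgency context lets him write `rec42`.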