-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathauthorization.theory.txt
66 lines (60 loc) · 4.38 KB
/
authorization.theory.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
┏━━━━━━━━━━━━━━━━━━━┓
┃ AUTHORIZATION ┃
┗━━━━━━━━━━━━━━━━━━━┛
DIFFERENT PARTS ==> #Subject:
# - who performs the action, e.g. user
# - can be organized in groups
#Permission:
# - abstract set of operations, e.g. updateTags
#Operation:
# - concrete action on an object, i.e. in application code, e.g. openUpdateTagsPage
#Object:
# - resource the operation acts upon
#Policy:
# - subject + permission + object
#Most of the above have n-n relationship to each other
WHAT POLICY CHECKS ==> #RBAC ("role-based access control") checks roles:
# - are like subject groups
# - assigned temporarily ("assumed") during a "session", e.g. during authentication
# - can have multiple roles
# - can have parent role (tree hierarchy)
# - can make some roles exclusive to each other ("separation of duties")
#ABAC ("Attribute-based access control"):
# - checks subject's attributes, e.g. USER.nationality or USER.age
#Operation's attributes:
# - e.g. updating a specific attribute, or updating it to a specific value
# - can be the request, but also the response
#Object's attributes:
# - e.g.:
# - object.id: implied by using ACL
# - object's owner: often used by ACL
# - object.locked {boolean}
#Context:
# - time, place, user agent, host (HBAC), etc.
# - intent (IBAC): why request originated
# - emotion (EBAC): subject state of mind
#Rule-based access control (called RBAC too):
# - combination of any of the above
#Latice-based access control (LBAC):
# - like rule-based, but with logic related to combining several subjects, permissions or objects
# - e.g. permission allowed to subjectA, but not if together with subjectB
POLICIES INTERACTION ==> #Whitelist vs blacklist, and their interaction
#Default policy if none defined (allow|deny)
WHERE POLICY CAN BE STORED ==> #In the system:
# - statically (e.g. hardcoded in application code)
# - dynamically (e.g. in a database)
#On the objects instances:
# - ACL ("access-control list") made of ACEs ("access-control entry")
#Capability:
# - in secret token
POLICIES MANAGEMENT ==> #Example of actions on policies:
# - creating
# - reading, sharing
# - updating
# - full|partial deleting
#Can be performed:
# - MAC ("mandatory access control"): by system, not users, i.e. centralized
# - DAC ("discretionary access control"): by users, not system, i.e. decentralized
#Often coupled with where policy is stored:
# - usually in system for MAC
# - usually in objects or capabilities for DAC