WO2002067173A9 - A hierarchy model - Google Patents
A hierarchy modelInfo
- Publication number
- WO2002067173A9 WO2002067173A9 PCT/SG2002/000027 SG0200027W WO02067173A9 WO 2002067173 A9 WO2002067173 A9 WO 2002067173A9 SG 0200027 W SG0200027 W SG 0200027W WO 02067173 A9 WO02067173 A9 WO 02067173A9
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- segment
- security
- business
- node
- security policy
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Definitions
- the present invention relates to a hierarchy model for modelling the security policy of a business, and in particular, to a hierarchy model which when implemented is capable of allowing security administrators to centrally manage user and application security related attributes (authentication methods, access rights, privileges, access control rules) and other application attributes.
- the present invention provides a hierarchy model for modeling the security policy of a business, the hierarchy model including: a) A number of segment nodes, each segment node being used to define the security policy which applies to a respective segment of the business, each segment being associated with a number of respective individuals and/or applications, each segment node including at least one of the following: i) A principal node, the principal nodes being used to define the security policy which applies to respective individuals within the business, each principal node including one or more principal entities, and each principal entity corresponding to a respective indrvidual; ii) An application node, the application nodes being used to define the security policy which applies to respective applications or objects within the business, each application node including one or more application or object entities, and each application or object entity corresponding to a respective application or object; iii) A group node, the group nodes being used to define the security policy which applies to respective groups of principals within the business, each group node including one or more group entities,
- the present invention provides a method of generating a hierarchy model for modeling the security policy of a business, the method including: a) Defining the business as a number of segments, each segment being a respective unit within the business; b) Determining the individuals, groups of individuals and/or applications associated with each unit; c) Defining a number of segment nodes, each segment node being used to define the security policy which applies to a respective segment of the business; d) Defining at least one principal, group and/or application node, ea-ch principal, group and/or application node being used to define the security policy which applies to respective individuals, groups of individuals and/or applications; and, e) Defining a number of connections between the defined nodes in accordance with the relationships between the segments, individuals and/or applications to reflect the structure of the business.
- the present invention provides a computer program product including computer executable program code for generating a hierarchy model in accordance with the method of the first broad form of the invention.
- the present invention provides a system for generating a hierarchy model for modeling the security policy of a business, the hierarchy model including: a) An input, adapted to receive inputs: i) Defining the business as a number of segments, each segment being a respective unit within the business; ii) Identifying the individuals and/or applications associated with eacti unit; iii) Defining a number of segment nodes, each segment node being used to define the security policy which applies to a respective segment of the business; iv) Defining at least one principal, group and/or application node, each principal, group and/or application node being used to define the security policy wd ich applies to respective individuals, groups of individuals and/or applications; and, v) Defining a number of connections between the defined nodes
- the present invention provides a hierarchy model for modelling security policy of a business, as well as a method, a computer program product and a system for generating such a model.
- the model includes a number of segment nodes, which can in turn in- elude a number of principal, application or group nodes.
- the business is modeled in terms of a numbe - of interconnected segment nodes, with the principal, group, and application nodes being used to represent individuals, groups of individuals, and applications/objects within the business respectively.
- This allows the security policy to be defined for the segments of the business separately or in conjunction with othex segments, allowing a security policy to be defined for smaller units of a business separately.
- This technique can be extended so that the segment include related external organisations, such as external suppliers, thereby allowing the hierarchy model to be used in modelling the security policy of a business on its own, or of a business and its related external organisations. Using this technique the defined policy can apply to the business as a whole, or to different units, such as departments within the business, as well as related external organisations.
- Respective security administrators can then be used to define variations in the overall policy to each segment.
- Policies applied to a given segment are then applied to the associated individuals, groups or applications principal so that the security policy applies to all entities within the entire business.
- the respective individual may correspond to a functional (non-interactive) identity within the business.
- there are one or more servers, daemons or the like which need to login to the security system in order to perform actions, or complete tasks, on betialf of users of the system (individuals). Accordingly, in order to be able to login to the security system, the servers, daemons or the like, need respective identities. As the servers or the like are unable to handle interactive login prompts, these identities are referred to as non-interactive ids.
- each segment node may include one or more child segment nodes, each ch-rild segment node defining the security policy for a logical unit within the respective parent segment.
- a parent segment could be a regional office with the child segment forming a department within the office.
- the hierarchy model usually further includes at least one root segment node, the root segment node being a segment node with no parent nodes. This can be used to represent the security policy for the overall business, with variations from this policy being defined in the child segments as reqixired.
- the model typically further includes application collection entities, each application collection entity representing a collection of application entities. Again, this allows common security policies which would be applied to a number of applications to be factored out into application collections.
- the model is implemented within a database, the database including a number of tables, each table representing a respective type of node within the model. This can allow the database structure to reflect the structure of the hierarchy model allowing changes to the hierarchy model to be easily implemented within the database. Furthermore, transfer of security policy from one level of Che hierarchy model to another can easily be implemented by propagating data between the tables in the database. This allows the present invention to be implemented using a relational database, or the like.
- the database usually includes a segment table, with each segment node being represented by a respective entry within the segment table.
- a principal table is usually provided with each principal entity being represented by a respective entry within the principal table, a group table, with each group entity being represented by a respective entry within the group table and an applications table, with each application entity, object entity and application collection entity being represented by a respective entry in the application table.
- the number of connections are preferably represented by links between entries in the tables.
- each node within the model has an associated number of security settings, the security policy being defined by selecting appropriate ones of the security settings.
- each type of node can have respective security settings.
- a number of standard security settings will be pre-defined associated with each model.
- each entry is defined in a respective row of the respective table, with eacfci security setting being defined within a respective column.
- each node is defined in a respective row of the respective table, the security setting being defined in a respective column.
- the database will typically contain a segment table that includes details of each segment in a respective row of the table.
- the present invention provides a method of defining a security policy for a business, the method including: a) Defining the business in terms of a hierarchy model, the hierarchy model including: i) A number of segment nodes, each segment node being used to define the security policy which applies to a respective segment of the business; ii) At least one principal, group and/or application node, each principal, group and/or application node being used to define the security policy which applies to respective individuals, groups of individuals and/or applications; and, iii) A number of connections between the defined nodes, the connections representing the relationships between the segments, individuals and/or applications to reflect the .structure of the business.
- the present invention provides A computer program product including computer executable code for defining a security policy for a business in accordance with the method o_f the fifth broad form of the invention.
- the present invention provides a system for defining a security policy for a business or extend organisations, the system including: a) A system for defining the business in terms of a hierarchy model, the hierarchy model including: i) A number of segment nodes, each segment node being used to define the security policy which applies to a respective segment of the business or extended organisations; ii) At least one principal, group and/or application node, each principal, group and/or application node being used to define the security policy which applies to respective individuals, groups of individuals and/or applications; and, iii) A number of connections between the defined nodes, the connections representing the relationships between the segments, individuals and/or applications to reflect the structure of the business.
- the present invention also provides a method, a computer program product and a system for defining a security policy for a business. This can also be extended for use with extended organisations. This generally uses the hierarchy model of the first broad form of the present invention. Accordingly, the technique of the invention involves defining the businesses in terms of the hierarchy model, specifying the security policy for some nodes and, propagating the specified security policy to other nodes.
- the method of specifying the security policy for a node includes: a) Generating security data defining security settings for the respective node; and, b) Inputting the security data as part of the respective entry within the respective table within the database.
- the method usually further involves propagating the defined security settings to other nodes in the hierarchy model by propagating the security data to other linked entries in the database.
- this provides a technique for having the database automatically updated by a propagating security data throughout the database. This propagation is carried out in such a way that the security policy can be defined for segments and then propagated to child segments automatically.
- the security settings applied to a child segment node may override the security settings propagated from the respective parent segment node.
- the present invention provides a method of implementing a security policy for a business, the method including: a) Defining a security policy for the business, the security policy being defined in terms of a hierarchy model including: i) A number of segment nodes, each segment node representing a respective segment of the business; ii) At least one principal, group and/or application node, each, principal, group and/or application node representing a respective individual, group of individuals and/or applications within the business; and, iii) A number of connections, the connections defining the associations between the nodes, the security policy being defined by security settings associated with each node; b) Monitoring action to be taken by a respective segment, individual or application within the business; c) Determining if the action is permissible in accordance with the defined security settings; and, d) Allowing or preventing the action in
- the present invention provides a computer program product including computer executable code for implementing a security policy in accordance with the method of the eighth broad form of the present invention.
- the present invention provides a system for implementing a security policy for a business, the system including: a) A system for defining a security policy for the business, the security policy being defined in terms of a hierarchy model including: i) A number of segment nodes, each segment node representing a respective segment of the business; ii) At least one principal, group and/or application node, each, principal, group and/or application node representing a respective individual, group of individuals and/or applications within the business; and, iii) A number of connections, the connections defining the associations between the nodes, the security policy being defined by security settings associated with each node; and, b) A processor, the processor being adapted to: i) Monitor action to be taken by a respective segment, individual or application within the business; ii) Determine if the
- the present invention also provides a method, a computer program product and a system for implementing a security policy. This is achieved by monitoring actions to be taken by respective segments, individuals or applications within the business and then determining if this action is permissible in accordance with security settings defined within the hierarchy model. This then allows the action to be prevented or allowed depending on the security settings defined.
- security settings are stored in a database associated with the respective segment, principal, group and/or object node, the method of determining if the action is permissible including: a) Accessing the database to determine the security settings for the respective segment, individual and/or application; and, b) Comparing the accessed security settings to the action to be taken to determine if the action is permitted.
- the hierarchy model is a model according to the first broad form of the present invention.
- the present invention provides a method of controlling the security policy of a business, the security policy being defined using a hierarchy model including: a) A number of segment nodes, each segment node having an associated number of security settings, the segment node being used to define the security policy which applies to a respective segment of the business by selecting appropriate ones of the security settings; and, b) A number of connections, the connections defining associations between the segment nodes to reflect the structure of the business, the method including: i) Assigning an administrator to each segment; , ii) Defining administration rights that can be assigned to any administrator, the administration rights controlling the administration procedures the respective administrator can perform; and, iii) Assigning appropriate ones of the administration rights to the administrator, if required.
- the present invention provides a computer program product for controlling the administration of the security policy of a business, the computer program product including computer executable code for performing the method of the eleventh broad form of the present invention.
- the present invention provides a system for controlling the administration of the security policy of a business, the security policy being defined using a hierarchy model including: a) A number of segment nodes, each segment node having an associated number of security settings, the segment node being used to define the security policy which applies to a respective segment of the business by selecting appropriate ones of the security settings; and, b) A number of connections, the connections defining associations between the segment nodes to reflect the structure of the business, the system including: i) An input for: (1) Receiving an indication of an administrator assigned to each segment; , (2) Defining administration rights that can be assigned to any administrator; and, (3) Assigning appropriate ones of the administration rights to the administrator, if required; and, ii) A processor adapted to control the administration procedures the respective administrator can perform
- the present invention seeks to provide a method, computer program and system for controlling the administration of the security policy of a business. This is achieved by having administrators assigned to respective segments, and then controlling the action that can be taken by the administrators. This is achieved by the use of granular administration rights which control the administration actions an administrator can perform, including the rights to alter security policy and settings, as well as the rights to read/view various policy settings.
- the method of assigning the administrator includes defining an administrator entity for each segment, the administrator entity representing a respective individual within the business.
- the method of controlling the administration rights usually includes assigning appropriate ones of the administration rights to the defined administrator entity.
- the administration rights are defined at the system level.
- the present invention provides a method of controlling the administration of the security policy of a business, the security policy being defined using security settings, the method involving: a) Assigning first and second administrators to control alteration of the security settings; b) Controlling the first administrator to only allow the first administrator to propose changes to the security settings; and, c) Controlling the second administrator to only allow the second administrator to accept or reject proposed changes to the security settings, thereby allowing the first and second administrators to control the security settings .
- the present invention provides a computer program product including computer executable code for controlling the administration, of the security policy of a business in accordance with the method of the fourteenth broad form of the present invention.
- the present invention provides a system for controlling the administration of the security policy of a business, the security policy being defined using security settings, the system including: a) An input for assigning first and second administrators to control alteration of the security settings; and b) A processor adapted to: i) Control the first administrator to only allow the first administrator to propose changes to the security settings; and, ii) Control the second administrator to only allow the second administrator to accept or reject proposed changes to the security settings, thereby allowing the first and second administrators to control the security settings.
- the method of assigning the first and second administrators includes defining first and second administrator entities, the first and second administrator entities representing respective individuals within the business.
- the method of controlling the administrators usually involves: i) Defining a number of administration rights that can be assigned to any administrator entity, the administration rights controlling the administration procedures the respective administrator can perform; ; and, ii) Assigning appropriate ones of the administration rights to the respective administrator entity.
- the administration rights are usually selected ones of the security settings and wherein the administration rights are selected to prevent an administrator altering the administration rights of their own respective administrator entity.
- the hierarchy model is a model according to the first broad form of the present invention.
- the present invention provides a method of controlling the administration of the security policy of a business, the security policy being defined using a hierarchy model including: a) A number of segment nodes, each segment node having an associated number of security settings, the segment node being used to define the security policy which applies to a respective segment of the business by selecting appropriate ones of the security settings; and, b) A number of connections, the connections defining associations between the segment nodes to reflect the structure of the business, the method including: i) Assigning an administrator to each segment, the administrator being responsible for the security settings of the respective segment; and, ii) Allowing a first administrator to delegate responsibility for the security settings of a respective segment to a second administrator.
- the present invention provides a computer program product including computer executable code for controlling the administration of the security policy of a business in accordance with the method of the seventeenth broad form of the present invention.
- the present invention provides a system for controlling the administration of the security policy of a business, the security policy being defined using a hierarchy model including: a) A number of segment nodes, each segment node having an associated number of security settings, the segment node being used to define the security policy which applies to a respective segment of the business by selecting appropriate ones of the security settings; and, b) A number of connections, the connections defining associations between the segment nodes to reflect the structure of the business, the system including: i) An input for assigning an adrninistrator to each segment, the administrator being responsible for the security settings of the respective segment; and, ii) A processor adapted to allow a first administrator to delegate responsibility for the security settings of a respective segment to a second administrator.
- the method of delegating responsibility includes: a) Determining if the administration rights for the first administrator allow responsibility to be delegated to the second administrator; and, b) Selecting some or all of the administration rights for the second administrator to correspond to the administration right for the first administrator, thereby allowing the second administrator to perform some or all function of the first.
- the present invention provides a method of monitoring a security system implementing a security server, the method including: a) Causing the security server to generate an indication of each action taken on the security system; b) Digitally signing the indication of each action; and, c) Storing the digitally signed indication.
- the present invention provides a computer program product including computer executable code for monitoring a security system in accordance with the method of the twentieth broad form of the present invention.
- the present invention provides a system for monitoring a security system implementing a security server, the system comprising: a) An input for receiving an indication of each action taken on the security system; " b) A processor for digitally signing the indication; and, c) A store for storing the digitally signed indication.
- the present invention provides a method, computer program and a system for monitoring a security system. This is achieved by storing an indication, such as an audit log, recording actions that have be taken by the security system, thereby allowing the actions taken to be determined at a later date.
- the method usually includes storing the digitally signed indication in a table, each digitally signed indication being stored in a respective portion of the table.
- the security server is adapted to generate an authorisation or rejection indication in response to a request to perform an action, and wherein the method further includes causing the security server to generate an indication of each authorisation or rejection.
- Digital signature ensures the integrity of the stored information.
- the store is located remotely to the security system on a dedicated system, such as one or more dedicated servers. This ensures the security of the stored information. Accordingly, the security system based on above model offers a facility to centralize authentication, authorization and administration functions.
- the security system allows security administrators to centrally manage user and application security-related attributes, authentication methods (such as passwords, dynamic passwords or X.509 certificates), rights, privileges and access controls rules. This is achieved by using a central security system whenever applications need to access a resource on behalf of a user.
- the security server responds to the users or applications by referring to the policies and access control rules in its authorization database.
- FIG. 1 is a schematic diagram of a network root segment including a security server according to the present invention
- Figure 2 is a schematic diagram showing the functionality of the security system of Figure 1
- Figure 3 is a schematic diagram of one of the security servers shown in Figure 2
- Figure 4 is a schematic diagram of a hierarchy model according to the present invention
- Figure 5 is a screen shot taken from the graphical user interface (GUI) of the policy server of Figure 3, when defining the security policy of a segment node
- Figure 6 is a screen shot taken from the graphical user interface (GUI) of the policy server of Figure 3, when defining the privileges of a principal
- Figure 7 is a screen shot taken from the graphical user interface (GUI) of the policy server of
- the system includes a communications network 1 which forms the internal network of a business.
- the communications network 1 could range from a small Ethernet LAN (local area network), to a global WAN (wide area network) which is formed from a number of networks distributed throughout the world.
- Coupled to the network 1 is a number of user end stations 2, which allow users to access the network and any of the services or information contained thereon.
- the end stations 2 may be any form of suitable processing system, and may be connected to the network 1 using either wired or wireless connections, as will be appreciated by persons skilled in the art.
- a security system 3 is provided, as will be described in more detail below.
- a web server 4 which is used to provide facilities such as a web site on the Internet 5, which is coupled to the network 1, as shown.
- access to the Internet 5 is controlled using an appropriate firewall.
- access to the network can also be achieved in a number of different ways.
- the network 1 could be accessed using end stations 8 which are coupled to the Internet 5, via the Internet 5 and the web server 4.
- access could be achieved from mobile communications systems 9, such as a WAP or GPRS enabled mobile phone, or a lap top computer with a modem.
- access could be achieved by dialing into the network directly, or by establishing a connection via the Internet 5. In either of these cases, this will allow remote users, such as clients of the business, or employees located out of the office, to access the network 1.
- An application server 6 is provided to allow users of the end station 2 to access various applications
- a database server 7 is provided to allow the users of the end station 2 to access databases connected to the network 1.
- the functionality of the security system 3 is shown in more detail in Figure 3.
- the security server includes a policy server 20, which is used to define a security policy for the business.
- An access server 23 is provided for implementing the defined security policy, whilst a service server 26 is used to configure and monitor the status of the other servers 20, 23.
- the configuration of each of the servers 20, 23, 26 is shown in more detail in Figure 2.
- the servers typically include a network interface card 10 for coupling the server to the network 1.
- the network interface card 10 is in turn coupled to a processor 12 and a memory 13 via a bus 11.
- An input/output device (I/O device) 14 is also typically provided, usually in the form of a keyboard and monitor to allow information to be entered and obtained from the security server 3.
- each of the servers 20, 23, 26 may be any form of processing system, such as a personal computer, or the like, which is configured in accordance with the present invention.
- the policy server 20 includes a policy daemon 21 and a report daemon 22, the access server 23 includes an authentication daemon 24, an authorization daemon 25, and an audit daemon 29.
- the service server 26 implements a configure/monitor 27 which operates to monitor and configure the other servers 20, 23, as required.
- the daemons 21, 22, 24, 25, 29 are implemented within the processors 12 of the respective servers 20, 23, 26.
- each server 20, 23, 26 implements an API layer 30, which is a library of code for implementing a number of APIs.
- the API library code will form part of the applications software executed by the processors 12 of each of the servers 20, 23, 26, such that each of the servers 20, 23, 26 has access to a respective API layer 30, although for simplicity only a single API layer is shown in Figure 2.
- the API layer includes a crypto-API 31 that is coupled to a key database 32 and a crypto library 33.
- the key database 32 and the crypto library 33 store the keys and rules which allow the each of the servers 20, 23, 26 to implement specific forms of cryptography.
- a registry API 34 is provided to couple the servers 20, 23, 26 to a user database 35, and a policy database 36 as shown.
- the user database 35 is used to store information regarding each of the potential users of the system, such as user names (or IDs) and passwords, as will be explained in more detail below.
- the policy database 36 is used to store the security policy of the business which the servers 20,
- a log API 37 is provided to couple the servers 20, 23, 26 to a log store 38, the log store being used to maintain logs recording user access to the system
- a config API is provided to couple the configure/monitor 27 to a store of config files 40 which are used to configure the security server 3 for the particular operating environment
- the API layer is used as an interface between the servers 20, 23, 26 and the key database 32, the crypto library 33, the user database 35, the policy database 36, the log store 38, and the config file store 40 Operation of the security system 3 according to the present invention will now be described.
- the security system 3 operates to enforce a security policy which is defined for an entire business.
- the security system 3 uses the access server 23 to be able to determine for each possible user of the end stations 2 the various access rights the respective user has.
- certain users may only be provided with rights to access certain enterprise resources provided by the network system.
- use of the applications contained on the applications server 6, or use of some of the information available on the database server 7, may be limited for some users.
- the user may be asked to provide a user name and associated secret password, a user certificate, a dynamical password, or other suitable form of user identifier.
- the identification process is performed when the user attempts to access, for example, the web server 4 or the applications server 6.
- a Web Security Agent (WSA) contained in the web server 4 or an Application Security Agent (ASA) contained in the applications server 6 will prompt the user to enter their user identifier.
- the user identifier is entered by the user at the end station 2 before it is transferred to the WSA or ASA via the network 1.
- the WSA or ASA Upon receipt of the user identifier, the WSA or ASA will forward the user identifier to the access server 23, which will operate to validate the request.
- the access server 23 of the security server will then access the user database 35 to determine if the entered user identifier is valid.
- the access server will check that the entered password corresponds to the entered user name, allowing the identity of the user to be confirmed. Once the identity of the user has been confirmed, the user is logged on to the system.
- the access server 23 will assign a random session ID to the log in session of the user. Once this has occurred, the access server 23 will use the session ID to determine the current log in status of the user, as well as to determine the access privileges which are defined for the user in the security policy stored in the policy database.
- the WSA or ASA will query the access server 23, which will in turn access the authorization daemon to determine if the action is allowable within the scope of the users access privileges. An indication of this will be transferred to the WSA or the ASA, thereby allowing the WSA and the ASA to control the user's access to applications or information stored in the servers 4, 6, 7. It will be appreciated from this that it is therefore necessary to define for each user of the end stations 2 the respective access privileges. This can be achieved by using the policy server 20 of the present invention to define a global security policy for the entire business organization.
- the policy server 20 of the present invention allows a system administrator, or the like, to define a policy for the entire business organization by considering the business as a hierarchy structure formed from a number of different nodes.
- the hierarchy structure generally includes segment nodes, principal nodes, group nodes, and applications nodes.
- the segment nodes are used by the policy officer to define security policies for different segments within the business.
- a segment is taken to be a logical unit within the business, which is responsible for, or at least capable of, organising and administrating respective users, groups or applications.
- Each segment node may contain zero or one principal nodes, zero or one group nodes, zero or one application nodes, and zero or more segment nodes.
- first segment node contains a second segment node
- the second segment node is sometimes referred to as a sub-segment, in that it relates to a smaller logical unit within the first segment.
- the first segment and the second segment are related to each other via a parent child relationship, with the first segment node being the parent and the second segment node being the child.
- the principal node is used to define access privileges for one or more individuals within the respective segment of the business.
- the individuals are referred to as principal entities and each principal node may contain zero or more principal entities.
- the group nodes are provided to set access privileges for groups of individuals. In general, each group node may or contain zero or more group entities, . with each group entity corresponding to a respective group of individuals.
- the application node is used to define access permissions for application entities and may contain zero or more application entities or application collection entities.
- Each application collection entity may contain one or more application entities, whilst each application entity may contain one or more object entities.
- the object entities may be any form of data object within the network system, and accordingly, the application entities (which are typically formed from one or more object entities) may correspond to software applications utilised by the system shown in Fig. 1.
- the policy officer therefore defines the security policy for a business by defining security policies at different levels within the hierarchy structure. Accordingly, in order to define a security policy for the business under consideration, the policy officer must first define the business in terms of a hierarchy structure which includes a number of segment, principal, group and application nodes.
- the hierarchy structure includes a number of segment nodes, 60, 61, 62, 63, 64, 65, 66, 67, 68.
- the segment node 60 has four child segment nodes (or sub-segments) 61, 62, 63, 64 which are connected to the segment node 60 via respective relationships 61a, 62a, 63a, 64a.
- the segment node 60 does not include a parent segment node and accordingly, the segment node 60 is referred to as a root segment node of the business, which represents the highest level at which security policy can be defined for this area of the business.
- each segment can include zero or one principal nodes which allow the access privileges of individuals to be set.
- the segments 62, 65 are each shown as having a respective principle node 71, 72.
- other segments will include a respective principle node, although this has not been shown for clarity purposes.
- the individuals, whose access privileges are defined by the principal nodes, are shown for example, at PI, P2, P3, P4.
- each principal node may specify the access privileges for a number of principal entities.
- a number of group nodes 73, 74, 75 are also shown. Again, each segment will only have zero or one group nodes.
- the group nodes are used to set access privileges for one or more group entities Gl, G2, G3, G4 which in turn specify the access privileges of one or more principal entities.
- a principal entity PI may join one or more group entities Gl, G2, G4 as appropriate.
- the "Bob" principal entity may belong to both a "Staff group entity, which specifies access privileges for general staff, and a "Manager” entity which specifies access privileges for managers.
- a number of application nodes 81, 82, 83, 84 are shown, each of which includes a number of application entities Al, A2, A3, A4.
- the application nodes are used to define the access permissions for the application entities, which as described above can correspond to applications software, or to data objects on the system, as shown by the object entities 01, 02 which make up the application entity A4.
- the policy officer uses the structure of the segment, group, principal and application nodes to model the business structure.
- the segment nodes 61, 62, 63, 64 are used to represent different portions of the business.
- each segment node is an independent unit, which is capable of administering its own applications and users, and which accordingly can function autonomously independent of the other segment nodes.
- the administration units typically conespond to different departments, or the like, within the business. It is also possible that some or all of the administration unit within the hierarchy are not within the organization but those of the external organizations e.g. suppliers, customers and other business partners.
- the segment nodes 65, 66, 67, 68 which are child segment nodes of the segment nodes
- segment nodes, 62, 63 which do not include any child segments.
- segment nodes 61, 64 correspond to larger portions of the business, such as a subsidiary business
- child segment nodes 65, 66, 67, 68 may represent departments within that subsidiary.
- the principal nodes are then defined to correspond with individuals within the company or in external entities. In this case, each individual is represented by a respective principal entity, with each principal entity being associated with a respective principal node.
- object entities which represent different objects, and application entities which represent different applications, are associated with respective application nodes.
- the policy server 20 provides a graphical user interface (GUI), an example of which is shown in Figure 5, to aid this process.
- GUI graphical user interface
- the GUI shown in Figure 5 is associated with the policy database 36 by the policy server 20 so that as the structure of the business is defined using the GUI, the policy server 20 can create entries in the policy database so that the hierarchy structure is automatically reflected by the schema of the policy database 36.
- the policy database 36 includes a number of predefined tables, including a segment table, a principal table, a group table and an application table. Accordingly, a respective table is provided for each type of node within the hierarchy model, allowing each of the tables to be used to define respective ones of the nodes that constitute the business hierarchy.
- each segment node is defined as a respective entry within the segment table.
- the segment table can be considered as representing a segment concept with each segment node being a respective instance of the segment concept.
- the tables include pre-defined policy fields that are used to allow the policy of the business to be defined. This is achieved by providing data (usually in the form of a parameter or numerical value) to set the field so that it represents a particular policy.
- the fields are typically defined as columns within the tables, with each node being provided on a separate row.
- the segment table may include such fields as "password expiry duration", "password length”, “password warning”, “password age”, and the like. An example of this structure is shown in Table 1 below.
- the database tables typically include default fields that allow a policy officer to define a security policy by simply entering appropriate data. However, the option is also available to allow the policy officer to define further fields, as required. Data is entered into the tables using the GUI mentioned above. Accordingly, the policy officer is therefore able to define the segment nodes, 61, 62, 63, 64, which correspond to segments within the business by simply entering data representative of the respective segment. An example of this is shown in Figure 5. This example is based on a fictional company XYZ, which includes offices in the USA and Asia.
- the GUI includes a structure view 100, which shows the structure of the hierarchy which has so far been defined, and an editor screen 101 which is used to define the nodes and entities contained within the structure, as well as to edit policies for the defined structure nodes and entities.
- the policy officer has defined a root segment node 110, which represents the company XYZ.
- the root segment node has two child segment nodes which have been defined, namely a USA office 111 and an Asia region 112, the latter of which has a further child segment node, namely a corporate segment node 114, as shown.
- Each of the root segment node 110, the US A segment node 111 , the Asia region segment node 112 and the corporate segment node 114 include respective principal nodes 120, 122, 123, 125 which are used to define the security policy for respective individuals within these respective segments.
- the root segment node 110, the Asia region segment node 112 and the corporate segment node 114 all include respective group nodes 121, 124, 126, which allow policy to be set for groups of individuals.
- the application node 113 includes a banking applications entity 127, an SSL certificate applications entity 128, an SSL normal applications entity 129, and a trading applications entity 130.
- the policy server 20 uses this information to generate the structure view 100, as shown in Figure 5.
- the segment table defines all the policy fields that are associated with the segment nodes. As would be appreciated by a person skilled in the art, these fields are predefined by the programs, although they can be adjusted by the policy officer if required.
- the system administrator defines the USA office segment node 111
- the user will also define that this is related to XYZ company segment node 110, by a parent-child relationship. Accordingly, a link is defined between the USA Office entry and the corresponding XYZ Company in the segment table. This is achieved by having a unique segment ID for each segment in the table, and having a parent ID column in the table, indicating the segment ID of any parent segments, as shown in Table 3, which shows a restricted portion of the segment table.
- the USA office segment node includes the segment ID of the XYZ segment node in the Parent ID column, thus indicating the XYZ segment node is the parent of the USA Office segment node.
- the XYZ segment node does not include a segment ID in the parent ID column, indicating that it is the root segment node. This process is then repeated for each of the nodes of the business hierarchy, so that all the nodes of the hierarchy are entered in the policy database in an appropriate one of the tables.
- the policy database 35 will include a segment table, a principal table, a group table and an application table.
- the user would utilize the edit screen 101.
- the editor screen includes a structure window 140, and policy window 141, and a registry window 142.
- an add buttonl43, an edit button 144, a delete button 145, a save button 146, and a cancel button 147 are provided.
- the user need simply click on the add button 143. The user will then be prompted to enter the type of node which is to be added within the structure.
- the user will be prompted for additional information, which is used to uniquely define the node, and this includes the requirements for a name, which must be entered into a name field 148 and a brief description of the node which must be entered into a description field 149.
- the user can access the policy window 141 to define the policies for the respective node. As described above, a number of default policies are pre-defined within the policy database tables, and these are displayed as shown.
- a policy propagation control 150 is provided which allows the user to select whether the security policy of the effective node is inherited from a parent node 151a or whether the policy is a new policy which overrides the policy of the parent as shown at 151b.
- the policy if the policy is inherited, it will be identical to the policy of the parent node.
- the XYZ Company root segment node is the parent node of the USA Office segment and accordingly, if the inherit box 151a is checked, the policy implemented by the USA office segment node will be identical to that implemented by the XYZ Company root segment node.
- the data entered into the policy fields of the USA segment node will be obtained directly from the respective XYZ company entry in the segment table of the policy database.
- the policy server also includes a turn on maker checker field 151, which is used to activate a maker checker procedure which will be explained below, a password lock out field 161, which is used to lock out a user if they enter an incorrect password a predetermined number of times, and a password restriction field 152.
- the password restriction field 152 allows the system administrator to define restrictions on the password, such as a password expiry duration 153, a character requirement for the password 154, a warning towards password expiry 155, a password age 156, a special character field 157, and a remember password section 158.
- an access time restriction 159, and an access location restriction location 160 are also defined.
- policy fields are also defined for the remaining principal, group and application nodes. In general these fields will be similar to those used for the segment nodes.
- Similar provisions are made for defining the principal, group, application and object entities.
- policy settings are defined using the policy editor GUI.
- the edit screen 101 again includes a principal ID 170 identifying the respective principal, together with a name field 171 which includes the name of the principal and a distinguished name 172 which is one of the attributes of this user's X509 digital certificate.
- the edit screen also includes an information window 173, which is used to provide basic information about the principal, such as their location in the business, or the like.
- An accounts screen 174 is provided which sets out details of the principals user account, such as the amount of time the user has spent logged on, or the like.
- a privilege screen 175 setting out any access privileges assigned to the user. This allows the security manager to define access to applications or information managed by segment nodes other than the users own. Thus, in this example, the user "Bob" may form part of the banking back-end applications entity, but may require access to applications or information which forms part of the home banking applications entity. Accordingly, the user "Bob” is given access privileges under the home banking applications entity. In use, this is achieved by setting an access privilege for the principal entity "Bob" for the home banking and banking backend applications entities defined in the applications table within the policy database, as shown by the ticks 178, 179.
- a memberships screen 176 is used to define which groups the user belongs to.
- a policy screen 177 (not shown in detail) is used to define user specific policy, and will therefore set out the security settings which apply to the respective user. Again by default, an inherit option is available to allow the user to simply inherit policy settings from other entities or nodes. Alternatively, the settings can be defined on an individual basis.
- the data is written into an appropriate one of the database tables. Thus, for example, once the policy settings have been defined for a principal entity, a respective entry is made in the principal table, with the respective entity being entered in a respective row of the table.
- a similar process is followed for group entities, allowing the access policies to be defined for a group of principal entities which are associated with the respective group entity.
- the security policy for application and object entities is controlled by an application management screen as shown for example in Figure 7.
- the structure view 100 shows that the banking applications entity 127 contains a number of object entities 190, such as a cusaccount object entity 191 which is currently selected.
- the applications management screen includes an editor screen 101 which in turn includes a name field 180, a description field 181 and a type field 182, which are together used to identify the respective application and/or object entity which is currently selected.
- the name field 180 include the name "cusaccount" of the customer account object entity.
- Method, role, and permission screens 183, 184, and 185 are also provided.
- the method screen is used to provide details of the method by which is application is accessed, whereas the role screen 184 is used to define the role of the application.
- Roles represent the users of application and their access permissions from application manager's perspective, that is, who is going to use the object of this application, what access rights they have to the object, and under what conditions. Roles are application-specific, e.g.
- the permission screen 185 sets the parameters required for a user to gain access to the application and/or object.
- the permission screen 185 indicates access privileges required by a user to access the respective application, as well as any other additional criteria.
- a policy officer when presented with the GUI, can utilize the GUI to define the policy for the business on a number of different levels. To summarize, this is achieved by first determining a hierarchy model which models the actual structure of the business. The hierarchy model is then imposed on the database schema by defining the hierarchy model using the policy server and the associated GUI, with links between various nodes in the defined hierarchy model being represented by links between entries within the database tables. Once this has been completed, it is then possible for the policy officer to set the security policy, firstly for the root segment node, and then for each subsequent node and entity in the hierarchical model.
- the policy applied to a higher level is automatically inherited by lower levels within the database, using for example, the inherit option 150a which forms part of the propagate policy control 150.
- the inherit option 150a which forms part of the propagate policy control 150.
- the policy officer need merely specify new policy settings for the segment node whose policy differs from that of the root segment node segment.
- the system can configured to prevent policy settings of lower segments from being weaker than those of the root segment.
- the data representative of the policy settings can be stored either in the policy database, as is the case for the policy settings of the segment nodes, or in the user database 35.
- the user database will include an entry for each principal entity, with the entry providing data representative of the respective user name, and password.
- the principal table in the policy database 36 will specify the security settings for the principal node, with an association being defined between the principal entity and the principal node. This association allows the policy of the principal entity to be defined by the settings selected for the respective principal node. In use, once the security policy has been defined, the security policy is then implemented by the access server 23.
- the access server 23 will then use the authentication daemon 24 to access the user database 35, via the registry API 34, to ensure the password and user name are valid. Assuming this to be the case, the access server 23 will cause the WSA or ASA to allow the user to have access to the network in accordance with the access privileges defined for that user. Once this has been achieved, all subsequent operations that require security clearance must also be checked.
- this is achieved by having the access server 23 assign a session ID to each user whom is logged on to the network. Whenever an action is to be taken, the access server 23 will cause the authorization daemon 25 to access the policy database 36, via the registry API 34, to determine if the particular action is allowable. This check is performed by checking the policy settings for the respective user, using the session ID to identify the user, and allowing the access server 23 to determine if the action should be allowed. If the action is allowed, then an indication of this is transferred to either the WSA or ASA as appropriate, otherwise, an inhibit response is transferred causing the WSA or ASA to prevent the user taking the requested action.
- the above discussion has focussed on the setting of security policy by a policy officer for principals, groups and applications of a business.
- security administration reviewing and enforcing the security policy settings for the entire business will be best achieved by dividing the responsibility amongst a number of system operatives. Accordingly, it is normal to define a number of administration functions including policy officers, security auditors and security administrators.
- the policy officers are in charge of defining the security policy for the entire business as a whole, using the present invention.
- the security auditors are in charge of controlling the generation of the audit files.
- the security administrators are in charge of administering the security policy, application access permissions, user credentials, and privileges, at this is typically achieved by providing at least one security administrator for each segment, with the security administrator being responsible for security within the respective segment node and any associated child nodes.
- the security administrators are provided with limited powers to alter policy, which will differ for each administrator of each segment. Accordingly, the administrators are assigned different rights at different segments, the rights assigned being only those rights which are required for their job.
- a first security administrator may be associated with and have certain rights for the USA office segment node, whereas a second different security officer may be placed in charge of the Asia region segment node. In this case, the first security officer will typically have no rights over the Asia region segment node.
- Examples of administration rights implemented are as follows: Policy(POL ⁇ ): Right to set and change security policy AuditfAUD'): Right to review audit logs TraverseCTRA ⁇ : Right to traverse the hierarchy SegmentViev fSVW): Right to view (the details of) segment Principal Vie wfPVW) : Right to view (the details of) user ObiectViewfONW): Right to view (the details of) object SegmentControl(SCN): Right to create/delete/modify administrator and segment structure (User, Group, application nodes and sub-segment nodes) PrincipalControlflPCN): Right to create/delete/modify user ObiectControl(OCN): Right to create/delete/modify object PrincipalEnable(PEN ' ) : Right to enable/disable user PrincipalForcefPFR): Right to force user change password PrincipalReset(PRS): Right to reset user password AdministratorEnable(AEN) : Right to enable/disable administrator Administrator
- each security administrator can usually only alter the policy settings of their own respective segment and any nodes such as group nodes, principal nodes or application nodes, or sub- segment nodes, which fall within the respective segment.
- the rights given to the security administrators can be carefully controlled.
- the security administrators would typically not be given the POL administration rights which allows the security administrator to change the security policy within the segment. Instead they are typically only given rights such as PCN, OCN, PEN, or other similar rights, which allow them to control the access privileges of independent entities within the nodes.
- the rights assigned to the security administrators are set for each segment separately. As a result, a security administrator may have far greater administration rights in one segment than another.
- the rights for the security administrators must be set at the segment node level, using the policy editor GUI, to allow different rights to be provided for different security administrators in each segment.
- the overall security policy of the business can be maintained by the policy officer, whilst allowing the security applied to an individual to be changed by a respective security administrator, as necessary.
- the policy officer will generally have the right to overturn any action taken by any security administrator.
- the policy officer is provided with an option which allows the synchronisation of the security policy for all segment nodes within the business. Accordingly, this can be used to ensure that a uniform security policy is in place across the entire business.
- the present invention also provides a system for logging actions taken by users of the system. This is achieved using the audit daemon 29, which is located within the security system 3.
- the audit daemon 29 operates to record each action that is taken within an audit log table in the log store 38. This operation can be achieved by having the server components, such as the authentication and authorization daemons 24, 25 call the audit daemon whenever an action is in progress. Accordingly, each time an authorization for an action is provided by the authorization daemon, this fact is recorded by the audit daemon 29 in a current log table.
- the audit daemon 29 will store an indication of the nature of the request (i.e. what action was requested) and whether the action was authorized (i.e. whether a proceed or inhibit response was generated by the access server 23). Information regarding each action taken is written into the audit log table as a new record. This record will be digitally signed before it is written into the audit log table, with an indication of the time and date at which the action occurred. This provides integrity protection of the audit log, and allows the audit daemon 29 to access the audit log table at a later date and determine at what time a particular user performed a particular action.
- the audit log table may periodically be stored or archived, with a further digital signature being provided during the process to ensure security of the records.
- This signature will include encoded information regarding the number of actions recorded and when the log was created. Typically this will occur either after a predete ⁇ nined amount of time, such as one hour, or after a predetermined number of actions have been recorded and the log file is full.
- the log store 38 could be located on a dedicated secure server, thereby further preventing the logs being tampered with.
- the present invention operates to enforce enterprise security policies effectively by: a) Defining security policies, user privileges and object permissions based on a segmented hierarchy model of users, groups and applications.
- a segment is an a ⁇ -lministration unit, which may consist of Users (Principals), Objects (Applications), and sub-segments.
- the segmented hierarchy is closely mirrors a company's existing organization structure. Roughly speaking, a segment corresponds to an organization's department or unit that manage its own applications and users.
- the security policy can be defined at root segment level or sub-segment level.
- a sub-segment can inherit the security policy from its parent segment. Sub-segments may override its parent's policy.
- parent segments can synchronize its security policy within all subordinated segments.
- the change of security policy at a segment can immediately be enforced to whole segments and its subordinated segments.
- Users and objects are defined within the segmented hierarchy. They are automatically subjected to the security policy specified at the segment where they are defined.
- the security policy is defined by Security Policy Officers, used and enforced by Security Administrators, reviewed by Security Auditors. To provide granular access control of security administration with built-in support for the best industrial security practices & principals like Segregation of Duty and Least Privilege.
- Security administrators are segregated from system administrators through the use of different administration interfaces.
- security administrators use the policy editor, whilst the system administrators use the service server, b) Security Administrators are defined at segment level and can be assigned to very granular administration rights, as set out above. c) Security Policy Officer, Security Auditor and Security Administrator functions are differentiated from each other by rights. Administrators are assigned to different rights at different segments. They can be only assigned to those rights, which are required for their job. Access Matrix can ensure that Policy and Audit will not assigned to those security administrators who have other administration rights. d) The scope of the assigned administration rights is limited to the segment where this administrator is defined and its subordinated segments. e) Administrators without the Policy right cannot modify security policies. f) Administrator with Delegation Option can delegate part or all of his/her rights to other administrators.
- the grantor can later on revoke the rights he/she granted to a grantee, which cause root segment to revoke the rights that the grantor has granted, automatically and recursively.
- Changes to powerful administration rights i.e. those with control rights can be subjected to Maker- Checker control, hi a segment where the Maker-Checker control is on, all modification-related administrator's rights will be marked as either Maker or Checker. Only the Maker can submit requests, which must be approved by respective Checker before the root segment performs the action.
- Maker-Checker Control policy can be configurable to turn on or off at segment level.
- Users are only assigned to the roles of those applications and objects, to which they are required to access.
- the present invention defines Mutually Exclusive Role Group (MERG) to ensure that a user at any time can assume at most one role within a MERG.
- MSG Mutually Exclusive Role Group
- ROLE_HOLDER is system-defined variable that is set to the current holder of the role i.e. Approver. Note that same person may be assigned to these two roles because of small team sizes.
- the present invention seeks to provide a security administration framework for large- size, mission-critical and security-sensitive environment: which provides: 1) Built-in support for enterprise-wide security policy enforcement. 2) Built-in support for best industrial security practices & principals like Segregation of Duty and Least Privilege 3) Scalable to support many different users and applications 4) Flexible enough to define and control security-related business rules within one single organization or across multiple organizations.
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2002245006A AU2002245006B2 (en) | 2001-02-23 | 2002-02-22 | A hierarchy model |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AUPR3331 | 2001-02-23 | ||
AUPR3331A AUPR333101A0 (en) | 2001-02-23 | 2001-02-23 | A hierarchy model |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002067173A1 WO2002067173A1 (en) | 2002-08-29 |
WO2002067173A9 true WO2002067173A9 (en) | 2005-10-27 |
Family
ID=3827347
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/SG2002/000027 WO2002067173A1 (en) | 2001-02-23 | 2002-02-22 | A hierarchy model |
Country Status (3)
Country | Link |
---|---|
AU (1) | AUPR333101A0 (en) |
MY (1) | MY147193A (en) |
WO (1) | WO2002067173A1 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9237514B2 (en) | 2003-02-28 | 2016-01-12 | Apple Inc. | System and method for filtering access points presented to a user and locking onto an access point |
WO2004057834A2 (en) * | 2002-12-18 | 2004-07-08 | Senforce Technologies, Inc. | Methods and apparatus for administration of policy based protection of data accessible by a mobile device |
US7526800B2 (en) | 2003-02-28 | 2009-04-28 | Novell, Inc. | Administration of protection of data accessible by a mobile device |
US7308703B2 (en) | 2002-12-18 | 2007-12-11 | Novell, Inc. | Protection of data accessible by a mobile device |
US7353533B2 (en) | 2002-12-18 | 2008-04-01 | Novell, Inc. | Administration of protection of data accessible by a mobile device |
US9197668B2 (en) | 2003-02-28 | 2015-11-24 | Novell, Inc. | Access control to files based on source information |
DE602004008413T2 (en) * | 2004-02-11 | 2008-05-21 | Sony Ericsson Mobile Communications Ab | Device and method for dynamic security management |
US7720863B2 (en) | 2006-03-17 | 2010-05-18 | Microsoft Corporation | Security view-based, external enforcement of business application security rules |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE69601149T2 (en) * | 1995-07-03 | 1999-08-05 | Sun Microsystems Inc | Systems and methods for implementing a hierarchical policy for the administration of a computer system |
US6023765A (en) * | 1996-12-06 | 2000-02-08 | The United States Of America As Represented By The Secretary Of Commerce | Implementation of role-based access control in multi-level secure systems |
US6182142B1 (en) * | 1998-07-10 | 2001-01-30 | Encommerce, Inc. | Distributed access management of information resources |
-
2001
- 2001-02-23 AU AUPR3331A patent/AUPR333101A0/en not_active Abandoned
-
2002
- 2002-02-22 WO PCT/SG2002/000027 patent/WO2002067173A1/en active IP Right Grant
- 2002-02-22 MY MYPI20020615A patent/MY147193A/en unknown
Also Published As
Publication number | Publication date |
---|---|
AUPR333101A0 (en) | 2001-03-22 |
MY147193A (en) | 2012-11-14 |
WO2002067173A1 (en) | 2002-08-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7363650B2 (en) | System and method for incrementally distributing a security policy in a computer network | |
Zhang et al. | A rule-based framework for role-based delegation and revocation | |
US7350226B2 (en) | System and method for analyzing security policies in a distributed computer network | |
Tari et al. | A role-based access control for intranet security | |
US7730092B2 (en) | System and method for managing user profiles | |
US9049195B2 (en) | Cross-domain security for data vault | |
US5173939A (en) | Access control subsystem and method for distributed computer system using compound principals | |
US8561146B2 (en) | Automatic folder access management | |
US7814076B2 (en) | Data vault | |
US7814075B2 (en) | Dynamic auditing | |
US7707623B2 (en) | Self-service resource provisioning having collaborative compliance enforcement | |
US20050060572A1 (en) | System and method for managing access entitlements in a computing network | |
US20060248083A1 (en) | Mandatory access control base | |
US20080010233A1 (en) | Mandatory access control label security | |
US20040187031A1 (en) | Trust management | |
JP2010538365A (en) | Restricted security tokens that can be transferred | |
US20040088560A1 (en) | Secure system access | |
US20020083059A1 (en) | Workflow access control | |
Thakur et al. | User identity and access management trends in IT infrastructure-an overview | |
WO2002061653A2 (en) | System and method for resource provisioning | |
WO2002067173A9 (en) | A hierarchy model | |
Cameron et al. | Introduction to IAM Architecture (v2) | |
JP4723930B2 (en) | Compound access authorization method and apparatus | |
AU2002245006B2 (en) | A hierarchy model | |
AU2002245006A1 (en) | A hierarchy model |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2002245006 Country of ref document: AU |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
COP | Corrected version of pamphlet |
Free format text: PAGE 27, DESCRIPTION, ADDED |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |
|
WWG | Wipo information: grant in national office |
Ref document number: 2002245006 Country of ref document: AU |