[cap-talk] Architectural Choices for Security - moving forward- How to migrate SOA from IBAC to ABAC

Karp, Alan H alan.karp at hp.com
Tue Nov 13 12:15:24 EST 2007


Ken wrote:
> 
> I agree that Cap-Talk is a good place to discuss this and all the various
> alternatives underway should be followed, but I would like to unearth some
> issues at a strategic level. For example, "How might we move to SOA based on
> ABAC"? I see this as an essential first step towards a Global eTrading
> network.
> 
http://www.hpl.hp.com/techreports/2007/HPL-2007-105.html shows how to
use SAML certificates as capabilities.  (Don't be put off by the length
of the report.  The last 60 pages contain a detailed walkthrough of our
reference implementation.)  Note that our approach conforms to the web
services standards.

One point that occurred to me is that IBAC isn't really the issue.  The
real problem is relying on authentication, which is also done for Role-
and Policy-Based access control.  Since the security community refers to
AuthN for authentication and AuthZ for authorization, I'm starting to
refer to NBAC, but I haven't brought myself to use the term ZBAC yet.

I've gotten a lot of interest in ABAC by pointing out the inability of
NBAC to solve the transitive access problem described in
http://www.hpl.hp.com/personal/Alan_Karp/transitive_access.pdf.  The
document is a submission to an internal conference, which is why it's in
this funky style.  You probably shouldn't distribute the reference too
widely.  If there's interest, I'll put together an official tech report.
I'll also be presenting a talk on this subject at RSA 2008.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
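An added illustration (not from the HPL report or the cited paper) of the distinction the post draws between NBAC and ZBAC, using the transitive access scenario in simplified form. The HMAC-signed token is a constructed stand-in for a SAML assertion, and the names alice, bob and orders-db are assumed sample values:

```python
import hashlib
import hmac
import json

# Constructed sample key for the resource owner (stand-in for a SAML issuer's signing key).
ISSUER_KEY = b"constructed-demo-key"

# NBAC: the resource decides by looking the authenticated identity up in an ACL.
ACL = {"orders-db": {"read": {"alice"}}}

def nbac_check(resource: str, right: str, authenticated_as: str) -> bool:
    """Authentication-based check: the answer depends only on who the caller is."""
    return authenticated_as in ACL.get(resource, {}).get(right, set())

def _payload(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def mint_capability(resource: str, rights: list[str]) -> dict:
    """Resource owner issues a signed authorization (a capability) for specific rights.
    Like a SAML assertion used as a capability, it names the resource and rights,
    not the principal who will present it."""
    body = {"resource": resource, "rights": sorted(rights)}
    mac = hmac.new(ISSUER_KEY, _payload(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}

def zbac_check(resource: str, right: str, cap: dict) -> bool:
    """Authorization-based check: verify the presented capability, ignore caller identity."""
    expected = hmac.new(ISSUER_KEY, _payload(cap["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cap["mac"]):
        return False
    return cap["body"]["resource"] == resource and right in cap["body"]["rights"]

def transitive_scenario() -> dict:
    """Alice asks Bob (a service acting on her behalf) to read orders-db for her."""
    outcomes = {}
    # Direct access by the ACL'd identity works under NBAC.
    outcomes["alice_direct_nbac"] = nbac_check("orders-db", "read", "alice")
    # Under NBAC the delegate authenticates as himself and is not on the ACL, so the
    # resource owner must either add Bob to the ACL or accept Bob impersonating Alice.
    outcomes["bob_for_alice_nbac"] = nbac_check("orders-db", "read", "bob")
    # Under ZBAC Alice hands Bob her capability; the resource checks the authorization,
    # not who Bob is, so the delegation needs no change at the resource.
    cap = mint_capability("orders-db", ["read"])
    outcomes["bob_for_alice_zbac"] = zbac_check("orders-db", "read", cap)
    # Widening the rights in a presented capability invalidates its MAC.
    forged = {"body": {**cap["body"], "rights": ["read", "write"]}, "mac": cap["mac"]}
    outcomes["forged_cap_zbac"] = zbac_check("orders-db", "write", forged)
    return outcomes

if __name__ == "__main__":
    print(transitive_scenario())
```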