Separate Admin and Client Roles


Separate Admin and Client Roles
§ Separation of Client and Admin roles
• If an app has authenticated as a client, Locate will return its owned Managed (Crypto) Objects
• If an app has authenticated as an admin, Locate will return a list of its owned Entities
In other words, clients own Objects, admins own Entities
§ Authenticating as client or admin is outside the scope of this set of use-cases
Admin Use-case implications v0.9, Denis Pochuev/SafeNet


Objects/Operations/Attributes (in the Admin Universe)
Objects:
§ Entity
§ (?) Entity Template
Operations (only with admin role):
§ Register
§ Destroy
§ Add/Mod/Del Attr
§ Locate
§ (?) Locate w/attributes
Operations (with client role):
§ Update Own Credential
§ Get Own Credential Validity Period
§ Get Own Credential State


Objects/Operations/Attributes (in the Admin Universe), continued
Named Attributes:
§ Name
§ UID
§ Type (Client, Admin, Proxy)
§ Credential Validity Period
§ Credential State
Custom Attributes


Flows in terms of the new Objects/Operations/Attributes: 2.1.4
1. Xerxes logs into KMS-1 with admin credentials
2. X: Locate name=APP_A
3. X: Mod attribute (possibly with Placeholder ID) Credential=new
4. X: Mod attribute x-version=legacy
5. X: Register name=APP_B, Type=Client, Credential=new
6. X: Locate name=APP_B / Destroy (batch w/Placeholder ID)
7. X: Locate or Locate w/attributes


Flows in terms of the new Objects/Operations/Attributes: 2.2.3
1a. Yvonne logs into KMS-2 with admin credentials
1b. Y: Register name=Alice, type=Client, credential=alice's_cred
2. Alice: Reset Own Credential
3. A: Get UID=<uid>
4. A: Get Own Credential Validity Period
5. A: Update Own Credential


Flows in terms of the new Objects/Operations/Attributes: 2.3.3
1a. Xerxes logs into KMS-1 with admin credentials
1b. X: Locate w/attributes
2a. X logs into KMS-2 with admin credentials
2b. X: Locate Type=admin
3. X, KMS-1: Register name=Yvonne, type=admin, credential=new
4. X, KMS-2: Locate name=Zander / Destroy
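As an added illustration (not part of the slides or of any KMIP implementation), a toy Python model of the role separation from the first two slides, run through the admin steps of flow 2.1.4: admin-only Entity operations are refused to a client, and Locate returns Entities or Objects depending on the caller's role. The class names, the `bootstrap` owner, the `owner` field and the constructed Object `key-1` are assumptions.

```python
from dataclasses import dataclass, field
ADMIN_OPS = {"Register", "Destroy", "ModAttr"}   # Entity operations: admin role only

@dataclass
class Entity:                # an Entity in the Admin universe
    name: str
    type: str                # Type attribute: Client, Admin or Proxy
    credential: str
    owner: str               # admin that registered it (assumed bookkeeping field)
    attrs: dict = field(default_factory=dict)   # custom attributes, e.g. x-version

class AdminUniverse:
    def __init__(self, bootstrap_admin):
        self.entities = {bootstrap_admin.name: bootstrap_admin}
        self.objects = {}    # client name -> Managed (Crypto) Object names it owns
    def _require_admin(self, caller, op):
        if op in ADMIN_OPS and caller.type != "Admin":
            raise PermissionError(f"{op} needs admin role; {caller.name} is {caller.type}")
    def register(self, caller, name, type, credential):
        self._require_admin(caller, "Register")
        self.entities[name] = Entity(name, type, credential, owner=caller.name)
        return self.entities[name]
    def destroy(self, caller, name):
        self._require_admin(caller, "Destroy")
        del self.entities[name]
    def mod_attr(self, caller, name, key, value):
        self._require_admin(caller, "ModAttr")
        ent = self.entities[name]
        if key == "credential": ent.credential = value   # named attribute
        else: ent.attrs[key] = value                     # custom attribute
    def locate(self, caller, **match):
        if caller.type != "Admin":   # clients get owned Objects, admins owned Entities
            return list(self.objects.get(caller.name, []))
        own = [e for e in self.entities.values() if e.owner == caller.name]
        return [e for e in own if all(({"name": e.name, "type": e.type} | e.attrs).get(k) == v
                                      for k, v in match.items())]

def flow_2_1_4():
    xerxes = Entity("Xerxes", "Admin", "x-cred", owner="bootstrap")   # step 1: admin login
    kms1 = AdminUniverse(xerxes)
    app_a = kms1.register(xerxes, "APP_A", "Client", "old")    # pre-existing client
    kms1.objects["APP_A"] = ["key-1"]                           # constructed owned Object
    kms1.mod_attr(xerxes, "APP_A", "credential", "new")        # step 3
    kms1.mod_attr(xerxes, "APP_A", "x-version", "legacy")      # step 4
    kms1.register(xerxes, "APP_B", "Client", "new")            # step 5
    kms1.destroy(xerxes, "APP_B")                              # step 6
    try: kms1.register(app_a, "APP_C", "Client", "c"); denied = False   # client tries admin op
    except PermissionError: denied = True
    return {"admin_sees": [e.name for e in kms1.locate(xerxes, **{"x-version": "legacy"})],
            "client_sees": kms1.locate(app_a), "client_register_denied": denied}
```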