<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                <tbody>
                        <tr>
                                <td>
                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                                                <tbody>
                                                        <tr>
                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
                                                                        <a href="https://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
                                                                </td>
                                                        </tr>
                                                        <tr>
                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Access control notes
</h3>
<span style="margin-bottom: 10px;">
modified by <a href="https://community.jboss.org/people/brian.stansberry">Brian Stansberry</a> in <i>JBoss AS 7 Development</i> - <a href="https://community.jboss.org/docs/DOC-48596">View the full document</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><h1>Timeline</h1><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Design Phase I:</p><p>+ Lay out the fundamental architecture, identify the main requirements and intended approach for meeting each</p><p>+ Main participants (67% time task):</p><p>++ Brian Stansberry, Darran Lofthouse, Heiko Braun, Jason Greene</p><p>+ Partial participants (25% time task):</p><p>++ David Lloyd, one other member of Domain Management team, Anil Saldhana, Harald Pehl</p><p>+ 2 weeks</p><p>+ Completion allows some aspects of dev to begin (which, TBD)</p><p>+ Inability to get the stated time commitments from all participants delays completion by that amount of time</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Design Phase II:</p><p>+ Design in detail some of the fundamental areas where either coordinated design is required or a sub-team needs to flesh out details</p><p>+ Participants and time commitment -- same as Design Phase I</p><p>+ 2 weeks</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Dev Phase:</p><p>++ TBD (see tasks below)</p><p>++ need to assign resources and timelines to each task.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Test Phase:</p><p>TBD</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h1>Tasks</h1><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>interface to decision point</p><p>+ information about resource access request</p><p>+ information about user</p><p>+ other information about request (time of day, interface, 
etc)</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>misc op authorization</p><p>+ basic control over op execution</p><p>write-attribute/undefine-attribute authorization</p><p>add op authorization</p><p>+ trick here is cases where certain attributes can't be written</p><p>++ my instinct is to reject the add; no sophisticated rules</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>read-attribute authorization</p><p>read-resource authorization, output control to use response header to indicate content was filtered</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>configuration of our default decision point</p><p>user info configuration (what data to provide decision point, where to get it)</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>read-resource-access op (an op to learn about user's ability to use API; based on read-resource-description)</p><p>+ uses</p><p>++ general information</p><p>++ allow caller to disable features that will be non-functional (e.g. buttons for misc ops that are not available)</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>model-reference issues</p><p>+ general issue of resources in a tree being affected by other resources</p><p>+ server groups</p><p>++ user has rights to a resource that affects an SG, but not to the SG itself</p><p>+ hosts</p><p>++ similar issue</p><p>++ twist is host-specific config vs domain-wide config affecting servers on a host</p><p>+ others?</p><p>+ notion: enforce this at domain rollout time?</p><p>++ problem: what about an admin-only HC situation? 
-- no rollout</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Console</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>+ the interface structure doesn't necessarily reflect the model structure</p><p>++ i.e. some coarse-grained interface components rely on a number of resources across the model</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>+ distinction between interface structure (interaction units) and DMR payload</p><p>+ suppression of interaction units can only be done if the screens properly bootstrap from the model</p><p>++ relates to "read-resource-access"</p><p>++ currently not the case and a major change (intended first prototype for AS8)</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>+ distinction between logical entities and resource tree structure </p><p>++ i.e. /subsystem=datasources is resource tree structure </p><p>++ datasource=ExampleDS is a logical entity within the tree structure</p><p>++ makes a difference for address pattern matching...</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>+ do we support security constraints for logical entities? 
(can see datasource "Foo" but not datasource "Bar")</p><p>++ relates to "model-reference issues".</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>CLI issues</p><p>+ basic handling of low-level (should be ok)</p><p>+ disable high-level commands in advance?</p><p>+ ls -- high-level equivalent to read-resource</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Configuration propagation</p><p>++ master HC to slave</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>JMX security</p><p>+ AS domains depend on core security, as they just delegate</p><p>++ provide some information about access mechanism</p><p>+ other mbeans </p><p>++ what policy?</p><p>++ what control point?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Misc issues:</p><p>sniffing for resources -- request a resource to learn it exists from the failure response</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h1>Resource Attributes</h1><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>The following describes resource attributes required to enforce some permission schemes we've heard:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>DMR API and Wireformat</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>+ separate static security meta data from dynamic runtime headers?</p><p>++ static: part of "read-resource-access"</p><p>++ dynamic: indication of enforced constraints as part of a DMR response (i.e. suppressed elements)</p><p style="min-height: 8pt; height: 8pt; padding: 
0px;"> </p><h4>Scheme 1:</h4><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Monitor:</p><p>-- read-only flag on the operation</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Configurator:</p><p>-- Storage flag on attribute</p><p>-- flag on operation to indicate runtime-only</p><p>-- "security privileged" flag attribute</p><p>-- "security privileged" flag on resource</p><p>-- attribute value is a vault expression?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Operator:</p><p>-- Storage flag on attribute</p><p>-- flag on operation to indicate runtime-only</p><p>-- "security privileged" flag attribute</p><p>-- "security privileged" flag on resource</p><p>-- attribute value is a vault expression?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Administrator</p><p>-- resource address</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>iscadmins</p><p>-- N/A</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Deployer</p><p>-- resource address</p><p><span>-- see IBM details at </span><a class="jive-link-external-small" href="http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.base.iseries.doc/ae/rsec_adminroles.html#rsecadminroles__deployerrole" rel="nofollow" target="_blank">http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/topic/com.ibm.websphere.base.iseries.doc/ae/rsec_adminroles.html#rsecadminroles__deployerrole</a><span> to check for more</span></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; 
height: 8pt; padding: 0px;"> </p><p>Admin Security Manager</p><p>-- I would consider the equivalent for us to be the ability to configure the access control policies</p><p>-- resource address</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Auditor</p><p>-- resource address</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h4>Scheme 2:</h4><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Anonymous</p><p>-- N/A</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Admin</p><p>-- none; user is root</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Deployer</p><p>seems equivalent to Scheme 3's read-write</p><p>-- "security privileged" flag attribute</p><p>-- "security privileged" flag on resource</p><p>-- attribute value is a vault expression?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Operator</p><p>-- read-only flag on the operation</p><p>-- resource-address</p><p>-- operation name</p><p>-- "security privileged" flag attribute</p><p>-- "security privileged" flag on resource</p><p>-- attribute value is a vault expression?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Monitor</p><p>-- read-only flag on the operation</p><p>-- "security privileged" flag attribute</p><p>-- "security privileged" flag on resource</p><p>-- attribute value is a vault expression?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h4>Scheme 3:</h4><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 
0px;"> </p><p>Read-only</p><p>-- read-only flag on the operation</p><p>-- "security privileged" flag attribute</p><p>-- "security privileged" flag on resource</p><p>-- attribute value is a vault expression?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Read-write</p><p>-- "security privileged" flag attribute</p><p>-- "security privileged" flag on resource</p><p>-- attribute value is a vault expression?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Privileged</p><p>-- none; user is root</p></div>
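<p>The decision-point inputs and the read-resource filtering listed under Tasks, sketched in Java for the Scheme 3 roles. This is an added example, not code from the original notes or from JBoss AS: every type and method name is hypothetical, the <code>filtered</code> header name is an assumption, and so is the policy that non-root roles never see attributes that are security privileged or hold a vault expression.</p>
<pre>
```java
/** Hypothetical sketch of the notes' decision point; none of these types are JBoss AS APIs. */
public class AccessControlSketch {
    enum Role { READ_ONLY, READ_WRITE, PRIVILEGED }     // the three Scheme 3 roles

    /** One attribute plus the metadata the notes say the decision needs. */
    static final class Attr {
        final String name;
        final String value;
        final boolean securityPrivileged;               // "security privileged" flag
        Attr(String name, String value, boolean securityPrivileged) {
            this.name = name;
            this.value = value;
            this.securityPrivileged = securityPrivileged;
        }
        // AS 7 vault expressions have the form ${VAULT::block::attribute::key}
        boolean isVaultExpression() { return value.startsWith("${VAULT::"); }
    }

    /** Decision point: user info (role) plus request info (read-only flag, target). */
    static boolean permit(Role role, boolean readOnlyOp, Attr target) {
        if (role == Role.PRIVILEGED) return true;       // "none; user is root"
        boolean sensitive = target.securityPrivileged || target.isVaultExpression();
        if (sensitive) return false;                    // assumed policy for non-root roles
        return readOnlyOp || role == Role.READ_WRITE;   // Read-only may only run read ops
    }

    /** read-resource: drop denied attributes and say so in a response header. */
    static String readResource(Role role, Attr[] attrs) {
        StringBuilder result = new StringBuilder();
        boolean filtered = false;
        for (Attr a : attrs) {
            if (permit(role, true, a)) result.append(a.name).append('=').append(a.value).append(';');
            else filtered = true;                       // caller learns content was withheld
        }
        return "{response-headers:{filtered:" + filtered + "},result:{" + result + "}}";
    }

    public static void main(String[] args) {
        Attr[] ds = {                                   // constructed sample data
            new Attr("jndi-name", "java:/ExampleDS", false),
            new Attr("user-name", "sa", true),
            new Attr("password", "${VAULT::ds::password::1}", false)
        };
        for (Role r : Role.values()) System.out.println(r + " " + readResource(r, ds));
        // A write to a non-sensitive attribute by the Read-only role is still denied.
        System.out.println(permit(Role.READ_ONLY, false, ds[0]));
    }
}
```
</pre>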
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>