
Remote Authenticator/Authorizer



Remote Authenticator /Authorizer. Instructor: 張顧耀 老師 Student: 曾冠樺. Author and Source. Author: Eduardo B. Fernandez and Reghu Warrier Dept. of Computer Science and Eng.Florida Atlantic University Boca Raton, FL, USA Source: PLoP 2003. Outline. Introduction Intent Example


Remote Authenticator /Authorizer

Instructor:張顧耀 老師

Student:曾冠樺


Author and Source

  • Author:

    Eduardo B. Fernandez and Reghu Warrier

    Dept. of Computer Science and Eng., Florida Atlantic University, Boca Raton, FL, USA

  • Source:

    PLoP 2003


Outline

  • Introduction

  • Intent

  • Example

  • Problem of this Example

  • Forces

  • Solution

  • Implementation

  • Consequence


Introduction

  • Many distributed systems need to access shared resources.

  • We need a secure and easily manageable authentication and authorization mechanism.


Introduction

  • We present here a pattern called the Remote Authenticator/Authorizer pattern.

  • This is a composite pattern consisting of two known patterns:

  • Proxy.

  • Role-Based Access Control.


Intent

  • Provide facilities for authentication and authorization when accessing shared resources in a loosely-coupled distributed system.


Example

  • A multinational corporation in the US and Brazil.

  • Assume an employee from the US is traveling to Brazil and has the need to access some data from the Brazilian database servers.


Example

  • There are two possible ways to achieve this:

  • Replicate.

  • Borrow.

    Both of these solutions have their disadvantages.


Problem of this example

  • How can we provide authentication and authorization in a distributed environment without the need for redundant user login information?

  • The changes of the consumer activities.


Forces

  • No redundancy.

  • Transparent.

  • Standardize the roles.

  • Keep the user ID.


Solution

  • Set up a single entry point that can transparently redirect the user to the correct server where his user login and access information can be validated.


Solution: Proxy Pattern

  • Definition:

    Provide a surrogate or placeholder for another object to control access to it.


Solution: Proxy Pattern

using System;

// The namespace declaration that opens this block is not shown on the slide.
{
  // MainApp test application
  class MainApp
  {
    static void Main()
    {
      // Create math proxy; the client never touches the real Math object
      MathProxy p = new MathProxy();

      // Do the math through the proxy
      Console.WriteLine("4 + 2 = " + p.Add(4, 2));
      Console.WriteLine("4 - 2 = " + p.Sub(4, 2));
      Console.WriteLine("4 * 2 = " + p.Mul(4, 2));
      Console.WriteLine("4 / 2 = " + p.Div(4, 2));

      // Wait for user
      Console.Read();
    }
  }


Solution: Proxy Pattern

  // "Subject": the interface shared by the real object and its proxy
  public interface IMath
  {
    double Add(double x, double y);
    double Sub(double x, double y);
    double Mul(double x, double y);
    double Div(double x, double y);
  }

  // "RealSubject": the object that does the actual work
  class Math : IMath
  {
    public double Add(double x, double y) { return x + y; }
    public double Sub(double x, double y) { return x - y; }
    public double Mul(double x, double y) { return x * y; }
    public double Div(double x, double y) { return x / y; }
  }


Solution: Proxy Pattern

  // "Proxy Object": implements the same interface and forwards every call
  // to the real Math object it holds
  class MathProxy : IMath
  {
    Math math;

    public MathProxy()
    {
      math = new Math();
    }

    public double Add(double x, double y)
    {
      return math.Add(x, y);
    }

    public double Sub(double x, double y)
    {
      return math.Sub(x, y);
    }

    public double Mul(double x, double y)
    {
      return math.Mul(x, y);
    }

    public double Div(double x, double y)
    {
      return math.Div(x, y);
    }
  }
}


Solution: Role Based Access Control Pattern

  • Problem:

    Web-based systems have a variety of users: company employees, customers, partners, search engines, etc.

    How do we assign rights to users according to their roles?


Solution: Role Based Access Control Pattern

  • Forces:

  • Different needs for access to information.

  • Storing.

  • Define precisely.

  • Users may have more than one role.

  • Hierarchies of roles, with inheritance of rights.

  • to individual users or to groups of users.


Solution: Role Based Access Control Pattern

Classes User and Role describe the registered users and the predefined roles, respectively. Users are assigned to roles, and roles are given rights according to their functions. The association class Right defines the access types that a user within a role is authorized to apply to the protection object. In fact, the combination of Role, ProtectionObject, and Right is an instance of the Authorization pattern.
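The two patterns combined, as an added example that is not from the slides or the original paper: a proxy acts as the single entry point, forwards each login to the user's home server (the only place the credentials are stored), and then checks the returned roles against standardized Role/ProtectionObject/Right entries. The `user@realm` login format, the realm names, the users, and the `br-sales-db` object are assumptions constructed for the US/Brazil scenario.

```python
import hashlib, hmac, os

class HomeServer:
    """Holds the only copy of a realm's user records (salted hash + role names)."""
    def __init__(self):
        self._users = {}

    def enroll(self, user, password, roles):
        salt = os.urandom(16)
        self._users[user] = (salt, self._digest(salt, password), frozenset(roles))

    @staticmethod
    def _digest(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def authenticate(self, user, password):
        """Return the user's roles, or None if the credentials are rejected."""
        record = self._users.get(user)
        if record is None:
            return None
        salt, stored, roles = record
        ok = hmac.compare_digest(stored, self._digest(salt, password))
        return roles if ok else None

class RemoteAuthProxy:
    """Single entry point: forwards each login to the user's home realm, then
    authorizes with standardized Role -> (ProtectionObject, access type) rights."""
    def __init__(self, home_servers, rights):
        self._homes = home_servers      # realm -> HomeServer
        self._rights = rights           # role -> set of (object, access type)

    def request(self, login, password, obj, access):
        user, sep, realm = login.rpartition("@")
        home = self._homes.get(realm) if sep else None
        roles = home.authenticate(user, password) if home else None
        if roles is None:
            return "reject"             # unknown realm/user or bad password
        allowed = any((obj, access) in self._rights.get(r, ()) for r in roles)
        return "accept" if allowed else "deny"

# Constructed sample data for the US/Brazil scenario (not from the slides).
us, br = HomeServer(), HomeServer()
us.enroll("alice", "correct horse", {"auditor"})
br.enroll("bruno", "senha segura", {"auditor", "dba"})
RIGHTS = {"auditor": {("br-sales-db", "read")},
          "dba": {("br-sales-db", "read"), ("br-sales-db", "write")}}
proxy = RemoteAuthProxy({"us.example": us, "br.example": br}, RIGHTS)
```

The US employee's record exists only on the US server, so the Brazilian side needs no replicated or borrowed account, and the "reject" (authentication) and "deny" (authorization) outcomes stay distinct for logging.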




Implementation

  • Remote Authentication Dial-In User Service (RADIUS) is a widely deployed IETF protocol enabling centralized authentication, authorization, and accounting for network access.




Consequence: Advantage

  • Roaming.

  • Store the user login and access rights at a single location.

  • The user's login ID, password, etc. are stored in the internal RADIUS database or can be accessed from an SQL database.

  • Transparent.

  • Units such as active cards [ACS] allow complex request/challenge interactions.


Consequence: Disadvantage

  • The additional messages used increase overhead, thus reducing performance for simple requests.

  • The system is more complex than a system that directly validates clients.


The End

Thank You!!!

