MACE-Paccman Working Group Meeting
2009 Internet2 Fall Member Meeting
October 5, 2009

Tom Dopirak (Carnegie Mellon and chair of the working group) provided a brief overview of the MACE-Paccman working group. He also encouraged people to contribute to the MACE-Paccman taxonomy (https://spaces.internet2.edu/x/qoI0). The project is building a list of terms and definitions.

Based on its charter, the working group has established these desired outcomes:

1) frameworks and roadmaps for execs and architects
2) document common requirements
3) proposals for new software and standards
4) recipes, techniques and position papers
5) conferences and workshops
a. The Internet2/Educause identity and access management CAMP was the first (June 2009)
6) develop broadly understood use cases

Paul Hill (MIT) reviewed a number of action items that he was assigned, mainly to add or revise items in the glossary related to Function, Subject, Action, and Scope. He focused mainly on the term “function.”

Function, Action, and Verb are close synonyms within the privilege and access control domain. They are used interchangeably in the tuple data model, where a privilege is defined by Subject + Function + Scope.

Examples:
Subject + Function + Scope
Joe + Can Access + Oxford English Dictionary Online
Jane + Can Download + MS Office 2007
Jim + Can Create Functions + In category HR
Juan + Can Spend or Commit + On Cost Object Q678543
Attila + Can Approve + On Cost Object Q678543
James + is a Principal Investigator + in School of Science

He also discussed the term Role. Colloquially we use "roles" very broadly. In higher education, some of the common roles are Dean, Department Chair, Principal Investigator, Faculty, and Post-Doc, for example.

In the context of privilege management and access control, a Role-centric model presumes that, given the precise position or title of a person within an organization, the privilege management system can draw conclusions about what privileges should be granted to the person.

Roles may also be thought of as meta-privileges which are used as shorthand for granting a wide range of finer-grained privileges to someone that "has the role." It is also noted that a Role may imply one or more Roles. For example, a Department Chair will also be presumed to be a Faculty member.

Modeling roles can be problematic. In some systems it may be appropriate to define a role of "Dean" while in other systems it may be important to create "Dean of Biology" or "Dean of School of Science." It is important to understand how the modeling will impact the finer-grained privileges that will be conveyed to the individuals associated with specific roles for a particular implementation.
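As an added illustration (not part of the meeting notes and not perMIT's code), the Subject + Function + Scope tuple model and the role discussion above are combined into a small deny-by-default privilege check: roles expand to finer-grained tuples and may imply other roles (Department Chair implies Faculty). The direct tuples come from the examples in the notes; the role bundles and role assignments are constructed for illustration.

```python
from typing import Dict, Set, Tuple

Privilege = Tuple[str, str, str]  # (subject, function, scope)

# Explicit tuples, taken from the examples in the notes (constructed store).
DIRECT_PRIVILEGES: Set[Privilege] = {
    ("Joe", "Can Access", "Oxford English Dictionary Online"),
    ("Jane", "Can Download", "MS Office 2007"),
    ("Juan", "Can Spend or Commit", "On Cost Object Q678543"),
    ("Attila", "Can Approve", "On Cost Object Q678543"),
    ("James", "is a Principal Investigator", "in School of Science"),
}

# Roles as meta-privileges: a role stands for a bundle of (function, scope) pairs.
# The bundles below are hypothetical, constructed for illustration only.
ROLE_PRIVILEGES: Dict[str, Set[Tuple[str, str]]] = {
    "Faculty": {("Can Access", "Library Databases"), ("Can Submit", "Grades")},
    "Department Chair": {("Can Approve", "Department Budget")},
}

# Role implication from the notes: a Department Chair is presumed to be Faculty.
ROLE_IMPLIES: Dict[str, Set[str]] = {"Department Chair": {"Faculty"}}

# Role assignments (constructed).
SUBJECT_ROLES: Dict[str, Set[str]] = {"James": {"Department Chair"}}


def effective_roles(subject: str) -> Set[str]:
    """Expand a subject's roles through the implication graph (cycle-safe)."""
    result: Set[str] = set()
    pending = list(SUBJECT_ROLES.get(subject, set()))
    while pending:
        role = pending.pop()
        if role not in result:
            result.add(role)
            pending.extend(ROLE_IMPLIES.get(role, set()))
    return result


def effective_privileges(subject: str) -> Set[Privilege]:
    """Direct tuples plus every tuple conveyed by the subject's effective roles."""
    privs = {p for p in DIRECT_PRIVILEGES if p[0] == subject}
    for role in effective_roles(subject):
        for function, scope in ROLE_PRIVILEGES.get(role, set()):
            privs.add((subject, function, scope))
    return privs


def is_permitted(subject: str, function: str, scope: str) -> bool:
    """Deny by default: permit only an exact Subject + Function + Scope match."""
    return (subject, function, scope) in effective_privileges(subject)
```

Because scope is matched exactly, a role modeled as "Dean" and one modeled as "Dean of Biology" convey different tuples, which is the modeling decision the notes warn about.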

Michael Pelikan (Penn State) suggested a review of the glossary for terms that are used, but are not defined. For example, the definition for Attribute discusses Objects, but the term Object is not defined in the glossary. Authentication includes the term “level of trust,” but that phrase is not defined in the glossary. There are a number of other examples.

There was also a discussion of cases in which a term’s use in the field of access and privilege management may not necessarily be the same as that term is used in the natural language. Such terms should also be defined within the glossary.

---------------
perMIT – Paul discussed the perMIT privilege management system at MIT. MIT has had a role-based system in place for more than a decade and perMIT is the next generation. Once complete, it will be available as an open-source project.

---------------
Access management use cases – Rob Carter (Duke) discussed the group of use cases developed at the identity and access management CAMP in June 2009. There are now more than 40 cases on the CAMP wiki (https://spaces.internet2.edu/x/3YQ9). The use cases are grouped in categories (e.g. business, academic, library, etc.). The next step is to develop a taxonomy of use cases and begin applying solutions. A future MACE-Paccman call will be devoted to this use case challenge.

---------
The Tao of Attributes – Ken Klingenstein (Internet2) discussed a workshop held by the GSA in Washington, DC, last week entitled the Tao of Attributes (http://middleware.internet2.edu/tao-of-attributes/). NIST has announced that it is engaged in “risk-adaptable authorization,” described as the next generation of access control to mitigate the risks of accidental disclosure. There was also a conversation about HL-7 and medical records and a discussion to move HL-7 into XML to make medical records smaller and be able to provide access control to various segments of the same record. There was a fair amount of time spent on medical records and the potential for attributes (even self-asserted attributes) in this space.