conventional access control

conventional access control
client
application: submitOrder() requires [name,password] cred
1. read policy for submitOrder()
2. call submitOrder() including [planky, ****]

claims-based access control: authentication service
application: submitOrder() requires {role} from sts_authentication
security token service sts_authentication: {role} requires [name,password] cred
1. read policy for submitOrder()
2. read policy for request security token
3. request security token passing [planky, ****]

claims-based access control: authentication service
application: “submit order” requires {role} from sts_authentication
security token service sts_authentication: mapping: (planky,****) → {role = purchaser}
4. request security token response: {role=purchaser} signed sts_authentication
5. call “submit order” with security token: {role=purchaser} signed sts_authentication

claims-based access control: delegated authentication and authorization
client
application: submitOrder() requires {submit order} from sts_authorization
security token service sts_authorization (“authorization claims provider”): {submit order} requires {role} claim from sts_authentication
security token service sts_authentication (“identity claims provider”): {role} requires [kerb ticket] or [name/pwd] cred
1. read policy for submitOrder()
2. read policy for request security token
3. read policy for request security token
4. request security token passing [planky’s kerb ticket]

claims-based access control: delegated authentication and authorization
client
application
security token service sts_authentication
security token service sts_authorization
call submitOrder()
mapping: planky → {role = purchaser}
mapping: {role = purchaser} → {submit order = true}
{role=purchaser} signed sts_authentication
{submit order = true} signed sts_authorization
submitOrder() requires {submit order} claim from sts_authorization
submitOrder() requires {role} claim from sts_authentication
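
The delegated flow on the last two slides, as an added example that is not part of the original presentation: each party accepts a claim only when it is signed by the issuer its policy names. Assumptions: HMAC with constructed demo keys stands in for the STS signatures, the name/password credential is used instead of the Kerberos ticket, and the password and all function names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC stands in for each STS's signature (assumption);
# a real deployment would use asymmetric signatures so verifiers hold no signing key.
KEYS = {"sts_authentication": b"demo-key-authn", "sts_authorization": b"demo-key-authz"}
USERS = {"planky": "correct-horse"}                 # constructed credential store
ROLE_OF = {"planky": "purchaser"}                   # mapping: planky -> {role = purchaser}
RIGHTS_OF = {"purchaser": {"submit order": True}}   # {role = purchaser} -> {submit order = true}

def _mac(issuer, body):
    return hmac.new(KEYS[issuer], body.encode(), hashlib.sha256).hexdigest()

def issue(issuer, claims):
    """Return a token: the claims, the issuer name, and a MAC over both."""
    body = json.dumps({"iss": issuer, "claims": claims}, sort_keys=True)
    return {"body": body, "sig": _mac(issuer, body)}

def verify(token, required_issuer):
    """Return the claims only if the token is intact and signed by required_issuer."""
    if not hmac.compare_digest(_mac(required_issuer, token["body"]), token["sig"]):
        raise PermissionError("bad signature or wrong issuer")
    body = json.loads(token["body"])
    if body["iss"] != required_issuer:
        raise PermissionError("unexpected issuer")
    return body["claims"]

def sts_authentication(name, password):
    """Policy: {role} requires [name/pwd] cred."""
    known = USERS.get(name)
    if known is None or not hmac.compare_digest(known.encode(), password.encode()):
        raise PermissionError("bad credentials")
    return issue("sts_authentication", {"role": ROLE_OF[name]})

def sts_authorization(role_token):
    """Policy: {submit order} requires {role} claim from sts_authentication."""
    role = verify(role_token, "sts_authentication")["role"]
    return issue("sts_authorization", RIGHTS_OF.get(role, {"submit order": False}))

def submit_order(token):
    """Policy: submitOrder() requires {submit order} from sts_authorization."""
    if verify(token, "sts_authorization").get("submit order") is not True:
        raise PermissionError("submit order claim missing")
    return "order accepted"
```

The application never sees the password or the role: it checks only the issuer and the {submit order} claim, so a {role} token presented to it directly is rejected.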