Access Road Documentation
Access control analysis
Documentation
Examples of access control design
with diagrams | Functional Quality
Matrix | Non-Functional Quality Matrix
| General Use Case | Access
Road Architecture
Generic access control system model
In information systems, access rests on two concepts:
- access done in and between the information systems,
- access rights, which are managed by the various access control
systems (ACS) that take part in access control in an information
system.
For example, consider a distributed environment where a web server
running Linux and Apache connects HTTP users to a database on a
Windows NT server through an object request broker. The access
control systems (ACS) may be:
- on the web server: Apache and Linux,
- on the local network and middleware: the firewall and the object
request broker,
- on the database server: Windows NT and the database system.
In Access Road, a single information system may be modeled, or
several interconnected information systems. Each information system
has one or several access control systems. Access controls are
designed and synthesized in this context.
The first generic conceptual model is a simplified UML class diagram.
It describes access in information systems. It is generic in the
sense that it is independent of any specific ACS. It is conceptual
because it does not describe the actual classes of the implementation,
or even the interfaces of the design. It must be viewed as a
specification element.
There are three levels in the model:
- the reality level, which covers the human, organisational, material
and technical domains of reality. In this reality, there are
RealEntities concerned by accesses,
- the information system level, where a RealEntity is identified
through the concept of EntityIS (for example, a human, who is a
RealEntity, is identified by a personal name or a number),
- the access control level, where an EntityIS corresponds to an
EntityACS (for example, the ACS may be an add-on system that forbids
connections between 10 pm and 6 am; only a general EntityACS is then
used, with time as the single criterion).
Four concepts are at the forefront of access:
- Resource, which is the entity accessed in the information system
and controlled by the ACS. For example, these are computers, files,
applications, relational tables.
- Actor, which is the entity that accesses the resources, like a
human user, a remote system, an application. Note: an application is
an example of an entity that is both resource and actor.
- Access Rights for a pair (actor, resource), including the
exclusions, which are managed by the access control system,
- Access Done for a pair (actor, resource), which is carried out by
the information system under the control of the access control
systems.

The second generic conceptual model is a UML class diagram. It is
devoted to access control systems (ACS).
- This model is used in the design of a generic ACS. The generic
conceptual model thus helps to provide a consistent and unified view
of the main concepts involved in access control systems.
- A generic model allows a layered design: a hierarchy of
abstractions corresponds to a hierarchy of implementations. The
generic model leads to a framework where generic design and generic
classes can be reused in the design and the implementation of every
current and future ACS manager in Access Road.
- The generic model is also useful for the design of the Access Road
human-machine interface. It can give the Access Road user a framework
for the analysis of complex situations.
Three concepts are at the forefront:
- Resource, which is the ACS view of the entity accessed in the
information system and controlled by the ACS. For example, these are
computers, files, applications, relational tables.
- Actor, which is the ACS view of the entity that accesses the
resources, like a human user, a remote system, a piece of software.
- Eligible Party, which is the intermediate concept that allows an
actor to be eligible for access to a resource. For example, an
account in an operating system is an eligible party, because it
allows a human user logged into this account to be eligible for
access.
There is also the access right, which authorizes or forbids access.
Access rights are tightly connected to resources and eligible
parties. In every ACS, an actor's rights depend on the multiple
eligible parties which may be connected to the actor. For example, in
an operating system, a user logs into an account which belongs to one
group. His access rights on a resource depend on the access rights of
the account and the access rights of the group.
Numerous ACS may contribute to the final access rights of an EntityIS
to a resource. The final rights depend on the specific access rights
in every ACS, following simple or very complex rules. Moreover, an
EntityIS may be identified by different names in several ACS.
Consider an executable as a resource. In an operating system, it may
simply be identified as a repository (or a folder) with specific
rights, but in a transaction processing monitor, it may be identified
as a transaction with other specific rights, or as a component of a
transaction.
Let's see the generic access control system model in UML, which
details the concepts connected to resources, actors and eligible
parties.
These generic models thus define, in the most general case, four
layers of access rights that are applied to every entity:
- ACS-EP access rights for an eligible party or resource, considering
pairs (eligible party, resource) in a specific ACS. This layer is the
only one coded in the Access Road database,
- ACS-A access rights for an EntityACS as actor or resource,
considering pairs (actor, resource) in a specific ACS. This layer is
derived from the preceding one,
- IS access rights for an EntityIS as actor or resource, considering
pairs (actor, resource). These are the effective access rights in the
information system, with all the ACS involved. This layer is derived
from the preceding one,
- Effective access rights for a RealEntity, covering all the
information systems involved in the real world. This layer is derived
from the preceding one.
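
The derivation of the ACS-A and IS layers from stored ACS-EP rights, as an added Python example that is not part of the Access Road documentation or code. The class, function and right names are hypothetical, and both combination rules (an exclusion overrides a grant; a right is effective only if every ACS allows it) are assumptions, since the page only says the rules may be simple or very complex.

```python
from dataclasses import dataclass, field

@dataclass
class ACS:
    """One access control system. Only the ACS-EP layer is stored."""
    name: str
    # ACS-EP layer: (eligible party, resource) -> (granted, excluded) rights
    ep_rights: dict = field(default_factory=dict)
    # Eligible parties connected to each actor (EntityACS) in this ACS
    parties_of: dict = field(default_factory=dict)

    def acs_a(self, actor, resource):
        """ACS-A layer, derived from ACS-EP.
        Assumed rule: union of the grants of all the actor's eligible
        parties, minus every exclusion."""
        granted, excluded = set(), set()
        for party in self.parties_of.get(actor, ()):
            g, x = self.ep_rights.get((party, resource), (set(), set()))
            granted |= g
            excluded |= x
        return granted - excluded

def is_rights(views):
    """IS layer, derived from ACS-A. `views` gives, for each ACS, the local
    names under which one EntityIS actor and one EntityIS resource appear.
    Assumed rule: a right is effective only if every ACS allows it."""
    per_acs = [acs.acs_a(actor, resource) for acs, actor, resource in views]
    return set.intersection(*per_acs) if per_acs else set()

# Constructed sample: one executable, seen as a folder by the operating
# system and as a transaction by the transaction processing monitor.
os_acs = ACS(
    "operating system",
    ep_rights={
        ("acct_alice", "/opt/pay"): ({"read"}, {"write"}),  # account excludes write
        ("grp_staff", "/opt/pay"): ({"read", "write", "execute"}, set()),
    },
    parties_of={"alice": ["acct_alice", "grp_staff"]},  # account and its group
)
tpm_acs = ACS(
    "transaction processing monitor",
    ep_rights={("role_clerk", "TX_PAY"): ({"execute"}, set())},
    parties_of={"U0042": ["role_clerk"]},  # same EntityIS, different name
)
ALICE_ON_PAY = [(os_acs, "alice", "/opt/pay"), (tpm_acs, "U0042", "TX_PAY")]

if __name__ == "__main__":
    print(sorted(os_acs.acs_a("alice", "/opt/pay")))
    print(sorted(is_rights(ALICE_ON_PAY)))
```

The fourth layer, effective rights for a RealEntity, would repeat the same derivation across several information systems and is not covered here.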
© Copyright 2000 TPA Conseil -
All Rights Reserved.