http://csrc.nist.gov/rbac/EDAC-presentation.ppt


COMPACFLT - EDAC
Enterprise Dynamic Access Control (EDAC)
Point of Contact:
Richard Fernandez
(808) 474-9270
Approved for public release; distribution is unlimited.
"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for
commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012,
San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."
COMPACFLT - EDAC
For licensing information contact:
Stephen Lieberman
Voice: (619) 553-2778
Mobile: (619) 606-5940
Email: [email protected]
For comments regarding this product contact:
Richard Fernandez
Voice: (808) 474-9270
Email: [email protected]
Outline
Access control background
Access control lists
Groups
NIST RBAC standard
SEAC RBAC
Customer furnished and maintained assets
How it works
Product overview
Interoperability
Access Control Lists (ACL)
User name or unique identifier associates access to resources
[Diagram, two panels: a user, the Project Tracker ACL and Project Tracker (resource)]
Project Tracker ACL: Peter Smith, Ed Jones, Steve Hall, John Doe
Panel 1 user: Peter Smith
Panel 2 user: Tim Watts
Groups
User associated to a group and group associated to resources
[Diagram, two panels, labels only]
Panel 1: user Peter Smith; COMPACFLT Group (Peter Smith, Ed Jones, Steve Hall); Project Tracker Groups: COMPACFLT, COMNAVREG, COMSUBPAC; Project Tracker (resource)
Panel 2: user Ed Jones; MIDPAC Group; Project Tracker Groups: MIDPAC, COMPACFLT, COMNAVREG, COMSUBPAC; Project Tracker (resource)
Essentials for resource access
Necessary requirement to access resources:
•Not a user name
•Not a unique identifier
•Not a group association
•List of user characteristics
What are user characteristics
User characteristics (user profile)
•Where client works: organization
•What security credentials: clearance
•What pay category: pay grade
•What branch: service
•What vocation: job function
•etc
Examples of User Profiles
•User profile is a unique list of user characteristics.
•A client may have more than one user profile.
•User attributes should be compiled from an authoritative data source(s) on a real-time basis.
Categories       COMPACFLT          USNR
Organization:    CPF N65            Naval Intel
Clearance:       Secret             Top Secret
Paygrade:        DP3                02
Service:         DoD                DoNR
Function:        Program Manager    Intelligence
Impact on resource access
The following can affect resource access:
•Transfer to another organization
•Loss of security clearance
•Change in job title
•Job promotion
Problems with ACLs and Groups
Maintaining an updated ACL or group is time consuming.
Situation worsens when:
•Number of users increases
•Number of resources increases
[Chart: resource access management manhours against number of users and resources]
NIST RBAC compliance
Because of ACL and group limitations:
The National Institute of Standards and Technology (NIST) RBAC is an American National Standard - ANSI INCITS 359-2004 (approved 19 Feb 04)
NIST RBAC standard
Definitions:
Users and Roles: "…access decisions are based on the roles that individual users have as part of an organization."
"Access rights are grouped by role name…"
Role hierarchies: "Under RBAC, roles can have overlapping responsibilities and privileges;"
Roles and Operations: "Organizations can establish the rules for the association of operations with roles."
Access control comparison
How access control solutions can simultaneously evaluate user characteristics.

Solution | Simultaneous evaluation of multiple object characteristics & environmentals | Simultaneous evaluation of multiple object characteristic & environmental hierarchies | Real-time detection of object characteristic changes, thus affecting resource access
ACLs     | 0         | No  | No
Groups   | 1         | No  | No
EDAC     | Unlimited | Yes | Yes
Customer meta-database background
Relational database data duplicated on a directory service.

Customer Personnel Database(s)
  Clearance: fouo, confidential, secret, top secret
  Organization: finance, marketing, operations
  Billettitle: developer, project manager, welder, chef, plumber
  Paygrade: GS1, GS2, GS3, GS4, GS5, GS6

Customer MetaDatabase(s)
  o=Enterprise
    ou=Clearance
      ou=fouo
      ou=confidential
      ou=secret
      ou=top secret
    ou=Billettitle
      ou=developer
      ou=project
      ou=manager
      ou=welder
      ou=chef
      ou=plumber
    ou=Paygrade
      ou=GS1
      ou=GS2
      ou=GS3
      ou=GS4
      ou=GS5
      ou=GS6
  o=Local
    ou=Organization
      ou=finance
        ou=budgeting
        ou=accounting
      ou=marketing
        ou=sales
        ou=advertisement
      ou=operations
        ou=quality control
        ou=manufacturing
Customer meta-database specifications
o=Enterprise: Name assigned to reference directory. A directory name is assigned an X500 "o" attribute.
ou=Branch: Reference category directly underneath directory domain name. All reference descriptors are assigned an X500 "ou" attribute.
ou=FRGN: Reference value directly underneath reference category in a flat structure. All reference values are assigned an X500 "ou" attribute.
ou=Secret: Reference value directly underneath Clearance reference category in a hierarchal structure. All reference values are assigned an X500 "ou" attribute.
•Customer meta-database
•LDAP v3/DSML directory
•X500 class objects
  • organization
  • organizationalUnit
•Scalable
  • unlimited entries
  • modifications allowed
•Structure designation
  • domain
  • reference category
  • values
•Structure
  • flat
  • hierarchal
•Maintained
  • local commands
  • regional commands
Customer meta-database domain
Domain consists of global and regional directories.
[Diagram: customer meta-database domain]
Global: customer meta database 1 to customer meta database n
Region A: customer meta database 1 to customer meta database n
Region B: customer meta database 1 to customer meta database n
User Profile Manager
User selects a profile to determine resource access.
Mgmt constraints on user profile selections
[Diagram labels: Customer Personnel Database(s); Customer User Profile Manager service; EDAC; "User selects a profile"; steps numbered 1 to 3]
Customer Personnel Database(s)
  Clearance: fouo, confidential, secret, top secret
  Organization: finance, marketing, operations
  Billettitle: developer, project manager, welder, chef, plumber
  Paygrade: GS1, GS2, GS3, GS4, GS5, GS6
SPAWAR Profile
  clearance: secret
  organization: engineering
  billettitle: project manager
  paygrade: GS13
COMPACFLT Profile
  clearance: top secret
  organization: engineering
  billettitle: developer
  paygrade: GS13
How the EDAC works
Step 1:
Resource manager establishes a set of conditions to access a resource. This set of conditions represents a resource profile.
[Diagram labels: Customer Meta-Database; RBAC Condition Manager Interface; RBAC Resource Directory]
Resource Profile
ou=N65, ou=N6, ou=CPF, ou=assignedCommand, o=CPF
ou=secret, ou=confidential, ou=fouo, ou=clearance, o=Enterprise
How the EDAC works
Step 2:
An effective RBAC requires real-time creation of user profile(s) from authoritative data source(s).
[Diagram labels: Customer Meta-Database; Customer User Profile Manager Interface; Customer Personnel Database; Structure Format Service]
Reference Categories    Attributes
assignedCommand         N65
clearance               Secret
paygrade                GS3
User Profile
ou=N65, ou=N6, ou=CPF, ou=assignedCommand, o=CPF
ou=secret, ou=confidential, ou=fouo, ou=clearance, o=Enterprise
ou=GS3, ou=GS2, ou=GS1, ou=Paygrade, o=Enterprise
How the EDAC works
Step 3:
The RBAC Rules Engine compares User and Resource Profiles to determine resource access.
[Diagram labels: Customer Resource Database with Project Tracker (resource), HR Service (resource) and Payroll Application (resource); RBAC Rules Engine; Repository Service; Access token for Project Tracker]
User Profile
ou=N65, ou=N6, ou=CPF, ou=assignedCommand, o=CPF
ou=secret, ou=confidential, ou=fouo, ou=clearance, o=Enterprise
ou=GS3, ou=GS2, ou=GS1, ou=Paygrade, o=Enterprise
Project Tracker Resource Profile
ou=N65, ou=N6, ou=CPF, ou=assignedCommand, o=CPF
ou=secret, ou=confidential, ou=fouo, ou=clearance, o=Enterprise
EDAC – Resource profiles
Resource Roles for Project Tracker
•Resource roles
•Allow & Deny profiles
•Exact and subtree conditions
•Time constraints
[Diagram: resource roles (Guest, User, Administrator) and the resource profiles attached to them]
Resource Profiles: CPF Guest, CNR Guests, CSP Guest, CPF N6 Users, Deny Contr Users, CPF Admin, Deny CPF N65 Admin
Condition values shown: COMPACFLT, COMSUBPAC, COMNAVREG, N7, DoD, CPF N6, CPF N65, Secret, TS, GS12, CONTR
Time constraints shown: Tuesdays 1700-2300; Mon & Thurs 0800-1300
EDAC – Resource profiles
[Diagram: Allow Resource Profile and Deny Resource Profile applied to an organization tree]
ACME Corporation
  Finance
    Accounting
    Payroll
  Marketing
    Surveyors
    Advertising
  Operations
    Assembly Line
    Parts
    Maintenance
  Sales
    Pre-sales
    Post-sales
EDAC – Security levels
•Pre-configure conditions under each security level.
•RBAC Rules Engine evaluates only conditions for prevailing security level.
[Diagram: the Project Tracker resource profiles (CPF Guest, CNR Guests, CSP Guest, N7, CPF N6 Users, Deny Contr Users, CPF Admin, Deny CPF N65 Admin) and roles (Guest, User, Admin) are drawn once under each security level: INFOCON A, INFOCON B, INFOCON C and INFOCON D. Two frames are titled "During INFOCON B" and "During INFOCON C".]
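The comparison from Step 3, combined with the allow and deny profiles, exact and subtree conditions and per-security-level condition sets from the resource profile and security level slides, sketched as an added Python example (not EDAC code). Assumptions: a subtree condition is met by a user entry at or beneath the condition's entry, a profile matches only when all of its conditions are met, a matching deny profile overrides any allow, and the CONTR and top secret DNs and the per-level policy are constructed; time constraints are left out.

```python
"""Added illustration of the user/resource profile comparison in the slides.
Matching semantics, scopes and the deny-overrides rule are assumptions."""
from dataclasses import dataclass


def parse_dn(text):
    """'ou=N65, ou=N6, o=CPF' -> ('o=cpf', 'ou=n6', 'ou=n65'), root first.
    Naive comma split: fine for the slide values, not for escaped commas."""
    parts = [p.strip().lower() for p in text.split(",") if p.strip()]
    return tuple(reversed(parts))


@dataclass(frozen=True)
class Condition:
    dn: tuple
    scope: str = "exact"  # "exact" or "subtree" (assumed meaning)

    def satisfied_by(self, user_dns):
        for u in user_dns:
            if self.scope == "exact" and u == self.dn:
                return True
            # subtree: the user entry is the condition entry or lies beneath it
            if self.scope == "subtree" and u[:len(self.dn)] == self.dn:
                return True
        return False  # unknown scope or no matching entry: fail closed


@dataclass(frozen=True)
class ResourceProfile:
    name: str
    effect: str  # "allow" or "deny"
    conditions: tuple

    def matches(self, user_dns):
        # An empty profile must not match everyone (all(()) would be True).
        return bool(self.conditions) and all(
            c.satisfied_by(user_dns) for c in self.conditions)


def decide(user_profile, profiles_by_level, level):
    """Return (granted, names of the profiles that decided the outcome).
    Only the profiles configured for the prevailing level are evaluated."""
    user_dns = [parse_dn(d) for d in user_profile]
    matched = [p for p in profiles_by_level.get(level, ()) if p.matches(user_dns)]
    denies = [p.name for p in matched if p.effect == "deny"]
    if denies:
        return False, denies
    allows = [p.name for p in matched if p.effect == "allow"]
    return bool(allows), allows  # nothing matched: default deny


def cond(text, scope):
    return Condition(parse_dn(text), scope)


# User profile DNs as printed on the Step 2 and Step 3 slides.
USER = [
    "ou=N65, ou=N6, ou=CPF, ou=assignedCommand, o=CPF",
    "ou=secret, ou=confidential, ou=fouo, ou=clearance, o=Enterprise",
    "ou=GS3, ou=GS2, ou=GS1, ou=Paygrade, o=Enterprise",
]
# Constructed: the slides show a CONTR value but give no DN for it.
CONTR = "ou=CONTR, ou=employment, o=Enterprise"
CONTRACTOR = USER + [CONTR]

N6 = "ou=N6, ou=CPF, ou=assignedCommand, o=CPF"
N65 = "ou=N65, " + N6
SECRET = "ou=secret, ou=confidential, ou=fouo, ou=clearance, o=Enterprise"
TOP_SECRET = "ou=top secret, " + SECRET  # constructed extension of the hierarchy

# Profile names come from the slides; their conditions are constructed.
n6_users = ResourceProfile("CPF N6 Users", "allow",
                           (cond(N6, "subtree"), cond(SECRET, "subtree")))
deny_contr = ResourceProfile("Deny Contr Users", "deny", (cond(CONTR, "exact"),))
cpf_admin = ResourceProfile("CPF Admin", "allow",
                            (cond(N65, "exact"), cond(TOP_SECRET, "subtree")))

# Constructed Project Tracker policy: one condition set per security level.
POLICY = {
    "INFOCON B": [n6_users, deny_contr, cpf_admin],
    "INFOCON C": [deny_contr, cpf_admin],
}

if __name__ == "__main__":
    for level in ("INFOCON B", "INFOCON C", "INFOCON D"):
        print(level, "user:", decide(USER, POLICY, level),
              "contractor:", decide(CONTRACTOR, POLICY, level))
```

A level with no configured profiles, an empty profile and an unrecognised scope all resolve to no access, so a configuration gap never widens access.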
EDAC – Model
EDAC standard initiative:
•Interchangeable modular access control components
•Minimum salient features
•Protocol between components
•Standard tie-ins between customer assets and access control system
EDAC - Model
EDAC Process
(A) Administrative Service - establishes resource containers, CMD referrals, RM accounts.
[Diagram labels: Customer furnished and maintained assets; Enterprise Dynamic Access Control (EDAC); Repository Service; Administrative Service; arrow A1]
EDAC - Model
EDAC Process
(B) Condition manager Service - Establishes and edits conditions to access resources.
[Diagram labels: Customer furnished and maintained assets; Enterprise Dynamic Access Control (EDAC); Customer MetaDatabase (CMD); Condition Manager Service; Repository Service; Administrative Service; arrows A1, B1, B2]
EDAC - Model
EDAC Process
(C) Condition deprecator Service - listens for CMD content changes and flags unmatched or unreachable conditions.
[Diagram labels: Customer furnished and maintained assets; Enterprise Dynamic Access Control (EDAC); Customer MetaDatabase (CMD); Condition Manager Service; Condition Deprecator Service; Repository Service; Administrative Service; arrows A1, B1, B2, C1, C2]
EDAC - Model
EDAC Process
(D) Customer Environmental Interface - furnishes environmental updates.
[Diagram labels: Customer furnished and maintained assets; Enterprise Dynamic Access Control (EDAC); Customer MetaDatabase (CMD); Environmental Interface(s); Condition Manager Service; Condition Deprecator Service; Repository Service; Administrative Service; arrows A1, B1, B2, C1, C2, D1]
EDAC - Model
EDAC Process
(E) Customer Object profile manager Service - object characteristic compilation, selection and formatting.
[Diagram labels: Customer furnished and maintained assets; Enterprise Dynamic Access Control (EDAC); Customer Personnel Database; Structure Format Service; Object Profile Manager Service; Customer MetaDatabase (CMD); Environmental Interface(s); Condition Manager Service; Condition Deprecator Service; Rules Engine Service; Repository Service; Administrative Service; arrows A1, B1, B2, C1, C2, D1, E1 to E5]
EDAC - Model
EDAC Process
(F) Rules Engine Service - evaluates object and conditions to determine object resource access.
[Diagram labels: Customer furnished and maintained assets; Enterprise Dynamic Access Control (EDAC); Customer Personnel Database; Structure Format Service; Object Profile Manager Service; Customer MetaDatabase (CMD); Customer Portal; Customer Resources (Applications); Environmental Interface(s); Condition Manager Service; Condition Deprecator Service; Rules Engine Service; Repository Service; Administrative Service; arrows A1, B1, B2, C1, C2, D1, E1 to E5, F1 to F3]
EDAC – Interoperability
EDAC interoperable among regions:
•Set conditional access for remote users
•Domain customer meta-databases
EDAC - Interoperability
Pearl Harbor: resource profile created for local resource access.
Resource Profile CPF: CPF N651, Top Secret, GS12
[Diagram labels: DoD; Pearl Harbor; Enterprise customer metadatabase; Pearl Harbor customer metadatabase; Condition Manager Interface]
EDAC - Interoperability
Pearl Harbor: local user profile is generated to access a local resource.
CPF User Profile: CPF N651, Top Secret, GS12, Program Manager
Resource Profile CPF: CPF N651, Top Secret, GS12
[Diagram labels: DoD; Pearl Harbor; Enterprise customer metadatabase; Pearl Harbor customer metadatabase; Condition Setting Interface]
EDAC - Interoperability
Pearl Harbor: user and resource profiles are evaluated by rules engine to determine local resource access.
CPF User Profile: CPF N651, Top Secret, GS12, Program Manager
Resource Profile CPF: CPF N651, Top Secret, GS12
[Diagram labels: DoD; Pearl Harbor; Enterprise customer metadatabase; Pearl Harbor customer metadatabase; Condition Setting Interface; Pearl Harbor RBAC; Pearl Harbor Customer resources]
EDAC - Interoperability
Pearl Harbor: A resource profile to allow remote users access to local resources.
Resource Profile SD: SD N651, Top Secret, GS12
[Diagram labels: DoD; Pearl Harbor; San Diego; Enterprise customer metadatabase; customer metadatabase (shown twice); Condition Manager Interface]
EDAC - Interoperability
San Diego: user profile generated.
SD User Profile: SD N651, Top Secret, GS12, Developer
Resource Profile SD: SD N651, Top Secret, GS12
[Diagram labels: DoD; Pearl Harbor; San Diego; Enterprise customer metadatabase; customer metadatabase (shown twice); Condition Manager Interface]
EDAC - Interoperability
Pearl Harbor: San Diego user evaluated for Pearl Harbor resource access.
SD User Profile: SD N651, Top Secret, GS12, Developer
Resource Profile SD: SD N651, Top Secret, GS12
[Diagram labels: DoD; Pearl Harbor; San Diego; Enterprise customer metadatabase; customer metadatabase (shown twice); Condition Manager Interface; Pearl Harbor RBAC; Pearl Harbor Customer resources]
EDAC - Interoperability
San Diego: same user evaluated for San Diego resource access.
SD User Profile: SD N651, Top Secret, GS12, Developer
Resource Profile SD: SD N651, Top Secret, GS12
[Diagram labels: DoD; San Diego; Enterprise customer metadatabase; customer metadatabase (shown twice); Condition Manager Interface; San Diego RBAC; San Diego Customer resources]
EDAC – Interoperability
[Diagram: both regions shown together; each resource profile appears twice]
CPF User Profile: CPF N651, Top Secret, GS12, Program Manager
SD User Profile: SD N651, Top Secret, GS12, Developer
Resource Profile CPF: CPF N651, Top Secret, GS12
Resource Profile SD: SD N651, Top Secret, GS12
[Diagram labels: DoD; Enterprise customer metadatabase; Pearl Harbor: customer metadatabase, Condition Setting Interface, Pearl Harbor RBAC, Pearl Harbor Customer resources; San Diego: customer metadatabase, Condition Setting Interface, San Diego RBAC, San Diego Customer resources]
San Diego, CA 92152-5001
Approved for public release; distribution is unlimited.