Cybercom Enhanced Security Platform, CESP-Access

Access control in CESP is performed by CESP-Access. Once the user
has been uniquely identified, his/her ability to access data or an application
is checked. The PEP (Policy Enforcement Point) is the gatekeeper that
collects data about the caller and the request. This data is then sent to
the Authorization Engine that performs this check. The Authorization
Engine uses the Axiomatic Policy Server to evaluate the policies.


#2-12-2009 Cybercom

CESP-Access

The Access Control evaluates whether an actor has the required attributes to get access to a requested service. An actor can be a physical person or another service that needs access to one or more resources.

Access is based on all the user attributes. The application can, based on these attributes, grant access to the information according to its own access policies. The technique used is ABAC (Attribute Based Access Control). This way of granting access gives much more flexibility than traditional access control that is based on groups or roles. This flexible access control system also reduces the burden of an extensive administration of groups and roles when a lot of different applications can be accessed using the CESM-ID Single Sign-On functionality.

The rules that govern the access policies are managed using a graphical user interface that makes it very easy and intuitive to define and test different access control rules.

Technical Data

The components of CESP-Access are built with Microsoft's .NET technology to ensure efficient integration with other .NET based applications. It may also integrate with legacy systems by using adapters that interpret log messages stored in text files.

Additionally, CESP-Access is built according to the Service Oriented Architecture (SOA) model and provides Web Service interfaces which enable easy integration with other applications and technical platforms, such as Java based systems.
Axiomatic Policy Server (APS)

Once the user has been uniquely identified, his/her ability to access data or an application is checked. APS is the authorization engine in CESP. The authorization process is performed in the same way across the whole CESP.

Access policies are defined using rules that are based on the eXtensible Access Control Markup Language (XACML). XACML is an OASIS standardized XML language that, besides the possibility to express access control rules, also gives the possibility to formalize the way that rules should be interpreted and combined based on the attributes of the different entities that they are applied on. The access control policies are stored in the Access Control Service.

CESP-Access Authorization Process

The following sections give an overview of the authorization process and the function of the PEP (Policy Enforcement Point) and the PDP (Policy Decision Point).

The service call delivers a SAML ticket which contains the caller's attributes. This ticket has typically been produced by CESM-ID.

This ticket is then processed by the PEP and the PDP in accordance with the access policies that are defined using the XACML language.

CESP-Access PEP

All calls to a service always pass a check point that helps the service to determine if a request for an activity should be performed or if the call should be rejected. This function is called PEP (Policy Enforcement Point).

The PEP doesn't take this decision on its own; rather, its task is to collect all facts about the properties of the caller, the attributes of the requested resources and other facts about the context in which the call is done. All this information is packed and sent to the Access Control service, which takes the decision on whether the call should be accepted or rejected.

CESP-Access PDP

The right to get access to the resources is based on the attributes of the requestor and the attributes of the resource that is requested. This function is called PDP (Policy Decision Point) and is located in the access control service. The information is sent as a XACML Request Context.

All policies and rules are stored in the access control service. Based on these policies and rules and the information from the PEP, an access decision is taken. The decision is sent back to the PEP in a XACML Response Context. The service can then get the decision from the PEP and, depending on the answer, allow the caller to get access to the requested resources or not.
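The PEP/PDP exchange described on this slide, and the attribute-based rules of the previous one, as an added example that is not Cybercom's or the product's own code: the PEP packs the caller's attributes (in CESP taken from the SAML ticket), the resource attributes and the action into an XACML-style Request Context, a minimal PDP evaluates a constructed ABAC policy with deny-overrides combining, and the decision comes back in a Response Context. The namespace and attribute identifiers are XACML 2.0's; the rules, departments and clearance values are assumed sample data.

```python
import xml.etree.ElementTree as ET

# XACML 2.0 context namespace and standard attribute identifiers (real XACML values).
CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
STRING = "http://www.w3.org/2001/XMLSchema#string"

def build_request(subject, resource, action):
    """PEP side: pack caller attributes (in CESP taken from the SAML ticket), resource
    attributes and the action into an XACML Request Context."""
    req = ET.Element(f"{{{CTX}}}Request")
    for tag, attrs in (("Subject", subject), ("Resource", resource), ("Action", action)):
        node = ET.SubElement(req, f"{{{CTX}}}{tag}")
        for attr_id, value in attrs.items():
            attr = ET.SubElement(node, f"{{{CTX}}}Attribute", AttributeId=attr_id, DataType=STRING)
            ET.SubElement(attr, f"{{{CTX}}}AttributeValue").text = value
    return ET.tostring(req, encoding="unicode")

def _attrs(req, tag):
    """Read one category (Subject/Resource/Action) back as a dict of AttributeId -> value."""
    node = req.find(f"{{{CTX}}}{tag}")
    return {a.get("AttributeId"): a.findtext(f"{{{CTX}}}AttributeValue")
            for a in node.findall(f"{{{CTX}}}Attribute")}

# Constructed ABAC rules (assumed sample policy, not a real CESP policy): an effect plus a
# predicate over subject, resource and action attributes. Combining is deny-overrides:
# any matching Deny wins, otherwise a matching Permit, otherwise NotApplicable.
RULES = [
    ("Deny", lambda s, r, a: r.get("classification") == "secret" and s.get("clearance") != "secret"),
    ("Permit", lambda s, r, a: a.get(ACTION_ID) == "read" and s.get("department") == r.get("owner-department")),
    ("Permit", lambda s, r, a: a.get(ACTION_ID) == "read" and s.get("clearance") == "secret"),
]

def evaluate(request_xml):
    """PDP side: evaluate the stored rules against the request; answer with a Response Context."""
    req = ET.fromstring(request_xml)
    s, r, a = _attrs(req, "Subject"), _attrs(req, "Resource"), _attrs(req, "Action")
    effects = {effect for effect, matches in RULES if matches(s, r, a)}
    decision = "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"
    resp = ET.Element(f"{{{CTX}}}Response")
    result = ET.SubElement(resp, f"{{{CTX}}}Result", ResourceId=r.get(RESOURCE_ID, ""))
    ET.SubElement(result, f"{{{CTX}}}Decision").text = decision
    return ET.tostring(resp, encoding="unicode")

def pep_allows(subject, resource, action):
    """The service's check: only an explicit Permit opens the gate (Deny/NotApplicable fail closed)."""
    response = ET.fromstring(evaluate(build_request(subject, resource, action)))
    return response.findtext(f".//{{{CTX}}}Decision") == "Permit"
```

The second assertion-worthy case is the one to notice: a caller whose department would earn a Permit is still refused when a Deny rule on the resource's classification matches, which is what deny-overrides combining buys over a role check.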
About Cybercom

The Cybercom Group is a high-tech consultancy that offers global sourcing for end-to-end solutions. The Group established itself as a world-class supplier in these segments: security, portal solutions, mobile services, and embedded systems.

Thanks to its extensive industry and operations experience, Cybercom can offer strategic and technological expertise to these markets: telecom, industry, media, public sector, retail, and banking and financial services. The Group employs 2,000 persons and runs projects worldwide. Cybercom has 28 offices in 11 countries. Since 1999, Cybercom's share has been quoted on the NASDAQ OMX Nordic Exchange. The company was launched in 1995.

Contact Details

For further information, please contact:
Henrik Johansson, Business Unit Manager
henrik.johansson@cybercomgroup.com
+46 70 825 00 80
or visit our website www.cybercom.com

Cybercom Group Europe AB (publ.) · P.O. Box 7574 · SE-103 93 Stockholm · Sweden · Phone: +46 8 578 646 00 · www.cybercom.com