COMPACFLT - EDAC Enterprise Dynamic Access Control (EDAC) Point of - - PowerPoint PPT Presentation

compacflt edac
SMART_READER_LITE
LIVE PREVIEW

COMPACFLT - EDAC Enterprise Dynamic Access Control (EDAC) Point of - - PowerPoint PPT Presentation

Jun 27, 2023 122 likes •533 views

COMPACFLT - EDAC Enterprise Dynamic Access Control (EDAC) Point of Contact: Richard Fernandez fernandr@spawar.navy.mil Approved for public release; distribution is unlimited. "The United States Government has certain intellectual property

slide-1
SLIDE 1

COMPACFLT - EDAC

Enterprise Dynamic Access Control (EDAC)

Point of Contact:

Richard Fernandez

fernandr@spawar.navy.mil

Approved for public release; distribution is unlimited.

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-2
SLIDE 2

COMPACFLT - EDAC

For licensing information contact: Stephen Lieberman Voice: (619) 553-2778 Mobile: (619) 606- 5940 Email: stephen.lieberman@navy.mil For comments regarding this product contact: Richard Fernandez Voice: (808) 474-9270 Email: richard.r.fernandez@navy.mil

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-3
SLIDE 3

Outline

Access control background Access control lists Groups NIST RBAC standard SEAC RBAC Customer furnished and maintained assets How it works Product overview Interoperability

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-4
SLIDE 4

Access Control Lists (ACL)

User name or unique identifier associates access to resources

Project Tracker ACL

Peter Smith Ed Jones Steve Hall John Doe Peter Smith Project Tracker (resource) Peter Smith

Project Tracker ACL

Peter Smith Ed Jones Steve Hall John Doe Tim Watts Project Tracker (resource) Tim Watts

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-5
SLIDE 5

Groups

User associated to a group and group associated to resources

Project Tracker Groups

COMPACFLT COMNAVREG COMSUBPAC Project Tracker (resource) Peter Smith

COMPACFLT Group

Peter Smith Ed Jones Steve Hall COMPACFLT COMPACFLT

Project Tracker Groups

COMPACFLT COMNAVREG COMSUBPAC Project Tracker (resource) Ed Jones

MIDPAC Group

Peter Smith Ed Jones Steve Hall MIDPAC MIDPAC

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-6
SLIDE 6

Essentials for resource access

Necessary requirement to access resources:

  • Not a user name
  • Not a unique identifier
  • Not a group association
  • List of user characteristics

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-7
SLIDE 7

What are user characteristics

User characteristics (user profile)

  • Where client works: organization
  • What security credentials: clearance
  • What pay category: pay grade
  • What branch : service
  • What vocation: job function
  • etc

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-8
SLIDE 8

Examples of User Profiles

Categories COMPACFLT USNR Organization: CPF N65 Naval Intel Clearance: Secret Top Secret Paygrade: DP3 02 Service: DoD DoNR Function: Program Manager Intelligence

  • User profile is a unique list of user characteristics.
  • A client may have more than one user profile.
  • User attributes should be compiled from an authoritative

data source(s) on a real-time basis.

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-9
SLIDE 9

Impact on resource access

The following can affect resource access:

  • Transfer to another organization
  • Loss of security clearance
  • Change in job title
  • Job promotion

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-10
SLIDE 10

Problems with ACLs and Groups

Maintaining an updated ACL or group is time consuming. Situation worsens when:

  • Number of users increase
  • Number of resources increase

Resource access management manhours Number of Users and Resources

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-11
SLIDE 11

NIST RBAC compliance Because of ACL and group limitations: The National Institute of Standards and Technology (NIST) RBAC is an American National Standard - ANSI INCITS 359-2004 (approved 19 Feb 04)

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-12
SLIDE 12

NIST RBAC standard Definitions:

Users and Roles: “…access decisions are based on the roles that individual users have as part of an

  • rganization.

"Access rights are grouped by role name… Role hierarchies: "Under RBAC, roles can have

  • verlapping responsibilities and privileges;

Roles and Operations: "Organizations can establish the rules for the association of operations with roles.

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-13
SLIDE 13

Access control comparison

How access control solutions can simultaneously evaluate user characteristics.

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

ACLs Groups EDAC

Simultaneous evaluation

  • f multiple object

characteristics & environmentals

1 Unlimited

Simultaneous evaluation of multiple

  • bject characteristic &

environmental hierarchies

No No Yes

Real-time detection of object characteristic changes, thus affecting resource access

No No Yes

slide-14
SLIDE 14

Customer meta-database background

  • =Enterprise
  • u=Clearance
  • u=fouo
  • u=confidential
  • u=secret
  • u=top secret
  • u=Billettitle
  • u=developer
  • u=project
  • u=manager
  • u=welder
  • u=chef
  • u=plumber
  • u=Paygrade
  • u=GS1
  • u=GS2
  • u=GS3
  • u=GS4
  • u=GS5
  • u=GS6
  • =Local
  • u=Organization
  • u=finance
  • u=budgeting
  • u=accounting
  • u=marketing
  • u=sales
  • u=advertisement
  • u=opertions
  • u=quality control
  • u=manufacturing

Customer Meta- Database(s) Customer Personnel Database(s) Billettitle developer project manager welder chef plumber Paygrade GS1 GS2 GS3 GS4 GS5 GS6 Organization finance marketing

  • perations

Clearance fouo confidential secret top secret

Relational database data duplicated on a directory service.

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-15
SLIDE 15

Customer meta-database specifications

  • =Enterprise

Name assigned to reference

  • directory. A

directory name is assigned an X500 "o" attribute.

  • u=Branch

Reference category directly underneath directory domain

  • name. All

reference descriptors are assigned an X500 "ou" attribute.

  • u=FRGN

Reference value directly underneath reference category in a flat

  • structure. All

reference values are assigned an X500 "ou" attribute.

  • u=Secret

Reference value directly underneath Clerance reference category in a hierarchal structure. All reference values are assigned an X500 "ou" attribute.

  • Customer meta-database
  • LDAP v 3/DSML directory
  • X500 class objects
  • organization
  • organizationalUnit
  • Scalable
  • unlimited entries
  • modifications allowed
  • Structure designation
  • domain
  • reference category
  • values
  • Structure
  • flat
  • hierarchal
  • Maintained
  • local commands
  • regional commands

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-16
SLIDE 16

Customer meta-database domain

Global customer meta database 1 customer meta database n Region B customer meta database 1 customer meta database n Region A customer meta database 1 customer meta database n

Customer meta-database domain

Domain consist of global and regional directories.

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-17
SLIDE 17

Customer Personnel Database(s)

Billettitle developer project manager welder chef plumber Paygrade GS1 GS2 GS3 GS4 GS5 GS6 Organization finance marketing

  • perations

Clearance fouo confidential secret top secret

SPAWAR Profile clearance: secret

  • rganization: engineering

billettitle: project manager paygrade: GS13 COMPACFLT Profile clearance: top secret

  • rganization: engineering

billettitle: developer paygrade: GS13 User selects a profile Customer User Profile Manager service EDAC

1 3 2

User Profile Manager

User selects a profile to determine resource access. Mgmt constraints on user profile selections

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-18
SLIDE 18

How the EDAC works

Step 1: Resource manager establishes a set of conditions to access a resource. These set of conditions represent a resource profile.

Customer Meta-Database RBAC Condition Manager Interface RBAC Resource Directory Resource Profile

  • u=N65, ou=N6, ou=CPF, ou=assignedCommand, o=CPF
  • u=secret, ou=confidential, ou=fouo, ou=clearance, o=Enterprise

T "The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-19
SLIDE 19

How the EDAC works

Step 2: An effective RBAC requires real-time creation of user profile(s) from authoritative data source(s).

User Profile

  • u=N65, ou=N6, ou=CPF, ou=assignedCommand, o=CPF
  • u=secret, ou=confidential, ou=fouo, ou=clearance, o=Enterprise
  • u=GS3, ou=GS2, ou=GS1, ou=Paygrade, o=Enterprise

Customer Meta-Database Structure Format Service Reference Categories assignedCommand clearance paygrade Attributes N65 Secret GS3 Customer Personnel Database Customer User Profile Manager Interface

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-20
SLIDE 20

How the EDAC works

Step 3: The RBAC Rules Engine compares User and Resource Profiles to determine resource access.

RBAC Rules Engine Repository Service Customer Resource Database Project Tracker (resource) HR Service (resource) Payroll Application (resource) Project Tracker Resource Profile

  • u=N65, ou=N6, ou=CPF, ou=assignedCommand, o=CPF
  • u=secret, ou=confidential, ou=fouo, ou=clearance, o=Enterprise

T

User Profile

  • u=N65, ou=N6, ou=CPF, ou=assignedCommand, o=CPF
  • u=secret, ou=confidential, ou=fouo, ou=clearance, o=Enterprise
  • u=GS3, ou=GS2, ou=GS1, ou=Paygrade, o=Enterprise

Access token for Project Tracker

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-21
SLIDE 21

EDAC – Resource profiles

  • Resource roles
  • Allow & Deny profiles
  • Exact and subtree conditions
  • Time constraints

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-22
SLIDE 22

EDAC – Resource profiles

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

ACME Corporation Finance Accounting Payroll Marketing Surveyors Advertising Operations Assembly Line Parts Maintenance Sales Pre-sales Post-sales

Deny Resource Profile Allow Resource Profile

slide-23
SLIDE 23

EDAC – Security levels

INFOCON A

Guest

CSP Guest

N 7

CPF Guest CNR Guests

User Admin

CPF N6 Users CPF Admin Deny CPF N65 Admin

T

Deny Contr Users

T T T T T T T

INFOCON B

Guest

CSP Guest

N 7

CPF Guest CNR Guests

User Admin

CPF N6 Users CPF Admin Deny CPF N65 Admin

T

Deny Contr Users

T T T T T T T

INFOCON C

Guest

CSP Guest

N 7

CPF Guest CNR Guests

User Admin

CPF N6 Users CPF Admin Deny CPF N65 Admin

T

Deny Contr Users

T T T T T T T

INFOCON D

Guest

CSP Guest

N 7

CPF Guest CNR Guests

User Admin

CPF N6 Users CPF Admin Deny CPF N65 Admin

T

Deny Contr Users

T T T T T T T

INFOCON A

Guest

CSP Guest

N 7

CPF Guest CNR Guests

User Admin

CPF N6 Users CPF Admin Deny CPF N65 Admin

T

Deny Contr Users

T T T T T T T

INFOCON B

Guest

CSP Guest

N 7

CPF Guest CNR Guests

User Admin

CPF N6 Users CPF Admin Deny CPF N65 Admin

T

Deny Contr Users

T T T T T T T

INFOCON C

Guest

CSP Guest

N 7

CPF Guest CNR Guests

User Admin

CPF N6 Users CPF Admin Deny CPF N65 Admin

T

Deny Contr Users

T T T T T T T

INFOCON D

Guest

CSP Guest

N 7

CPF Guest CNR Guests

User Admin

CPF N6 Users CPF Admin Deny CPF N65 Admin

T

Deny Contr Users

T T T T T T T

During INFOCON B During INFOCON C

  • Pre-configure conditions

under each security level.

  • RBAC Rules Engine

evaluates only conditions for prevailing security level.

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-24
SLIDE 24

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

EDAC – Model

EDAC standard initiative:

  • Interchangeable modular access control

components

  • Minimum salient features
  • Protocol between components
  • Standard tie-ins between customer assets

and access control system

slide-25
SLIDE 25

EDAC - Model

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

Repository Service Enterprise Dynamic Access Control (EDAC) Administrative Service

A1

Customer furnished and maintained assets

EDAC Process (A) Administrative Service - establishes resource containers, CMD referrals, RM accounts.

slide-26
SLIDE 26

EDAC - Model

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

Condition Manager Service Customer Meta- Database (CMD) Repository Service Administrative Service Enterprise Dynamic Access Control (EDAC)

B2 A1 B1

Customer furnished and maintained assets

EDAC Process (B) Condition manager Service - Establishes and edits conditions to access resources.

slide-27
SLIDE 27

EDAC - Model

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

Condition Manager Service Customer Meta- Database (CMD) Repository Service Administrative Service Enterprise Dynamic Access Control (EDAC)

B2 A1 B1

Customer furnished and maintained assets

EDAC Process (C) Condition deprecator Service - listens for CMD content changes and flags unmatched or unreachable conditions.

Condition Deprecator Service

C2 C1

slide-28
SLIDE 28

EDAC - Model

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

Condition Manager Service Customer Meta- Database (CMD) Repository Service Administrative Service Enterprise Dynamic Access Control (EDAC)

B2 A1 B1

Customer furnished and maintained assets

EDAC Process (D) Customer Environmental Interface

  • furnishes

environmental updates.

C2 C1

Environmental Interface(s)

D1

Condition Deprecator Service

slide-29
SLIDE 29

EDAC - Model

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

Condition Manager Service Customer Meta- Database (CMD) Repository Service Administrative Service Enterprise Dynamic Access Control (EDAC)

B2 A1 B1

Customer furnished and maintained assets

EDAC Process (E) Customer Object profile manager Service

  • object characteristic

compilation, selection and formatting.

C2 C1

Environmental Interface(s)

D1

Customer Personnel Database Object Profile Manager Service

E2 E3 E4

Rules Engine Service Structure Format Service

E1 E5

Condition Deprecator Service

slide-30
SLIDE 30

EDAC - Model

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

Condition Manager Service Customer Meta- Database (CMD) Repository Service Administrative Service Enterprise Dynamic Access Control (EDAC)

B2 A1 B1

Customer furnished and maintained assets

EDAC Process (F) Rules Engine Service - evaluates

  • bject and conditions to

determine object resource access.

C2 C1

Environmental Interface(s)

D1

Customer Personnel Database Object Profile Manager Service

E2 E3 E4

Rules Engine Service Structure Format Service

E1 E5

Customer Portal Customer Resources (Applications)

F1 F2 F3

Condition Deprecator Service

slide-31
SLIDE 31

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

EDAC – Interoperability

EDAC interoperable among regions:

  • Set conditional access for remote users
  • Domain customer meta-databases
slide-32
SLIDE 32

EDAC - Interoperability

Pearl Harbor: resource profile created for local resource access.

Pearl Harbor customer meta- database Condition Manager Interface Enterprise customer meta- database Resource Profile CPF CPF N651 Top Secret GS12 Pearl Harbor DoD

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-33
SLIDE 33

EDAC - Interoperability

Pearl Harbor: local user profile is generated to access a local resource.

Pearl Harbor customer meta- database Condition Setting Interface Enterprise customer meta- database Resource Profile CPF CPF N651 Top Secret GS12 CPF User Profile CPF N651 Top Secret GS12 Program Manager Pearl Harbor DoD

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-34
SLIDE 34

EDAC - Interoperability

Pearl Harbor: user and resource profiles are evaluated by rules engine to determine local resource access.

Pearl Harbor customer meta- database Condition Setting Interface Enterprise customer meta- database Resource Profile CPF CPF N651 Top Secret GS12 Pearl Harbor RBAC Pearl Harbor Customer resources CPF User Profile CPF N651 Top Secret GS12 Program Manager Pearl Harbor DoD "The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-35
SLIDE 35

EDAC - Interoperability

Pearl Harbor: A resource profile to allow remote users access to local resources.

San Diego customer meta- database Condition Manager Interface Enterprise customer meta- database Resource Profile SD SD N651 Top Secret GS12 Pearl Harbor San Diego DoD

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-36
SLIDE 36

EDAC - Interoperability

San Diego: user profile generated.

San Diego customer meta- database Condition Manager Interface Enterprise customer meta- database Resource Profile SD SD N651 Top Secret GS12 Pearl Harbor San Diego DoD SD User Profile SD N651 Top Secret GS12 Developer

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-37
SLIDE 37

EDAC - Interoperability

Pearl Harbor: San Diego user evaluated for Pearl Harbor resource access.

San Diego customer meta- database Condition Manager Interface Enterprise customer meta- database Resource Profile SD SD N651 Top Secret GS12 Pearl Harbor RBAC Pearl Harbor Customer resources SD User Profile SD N651 Top Secret GS12 Developer Pearl Harbor San Diego DoD "The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-38
SLIDE 38

EDAC - Interoperability

San Diego: same user evaluated for San Diego resource access.

San Diego customer meta- database Condition Manager Interface Enterprise customer meta- database SD User Profile SD N651 Top Secret GS12 Developer San Diego Resource Profile SD SD N651 Top Secret GS12 San Diego RBAC San Diego Customer resources DoD

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189."

slide-39
SLIDE 39

EDAC – Interoperability

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial

  • purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152;

telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189." San Diego customer meta- database Pearl Harbor customer meta- database Condition Setting Interface Condition Setting Interface Enterprise customer meta- database Resource Profile CPF CPF N651 Top Secret GS12 Resource Profile SD SD N651 Top Secret GS12 Pearl Harbor RBAC Pearl Harbor Customer resources CPF User Profile CPF N651 Top Secret GS12 Program Manager SD User Profile SD N651 Top Secret GS12 Developer

Pearl Harbor San Diego

Resource Profile CPF CPF N651 Top Secret GS12 Resource Profile SD SD N651 Top Secret GS12 San Diego RBAC San Diego Customer resources

DoD

slide-40
SLIDE 40

"The United States Government has certain intellectual property rights in the Enterprise Dynamic Access Control software. This intellectual property is available for licensing for commercial purposes. Licensing and technical inquiries should be directed to the Office of Patent Counsel, Space and Naval Warfare Systems Center, San Diego, Code 20012, San Diego, CA, 92152; telephone (619) 553-3001, facsimile (619) 553-3821. Reference Navy Case Numbers 96217, 97188, 97189." San Diego, CA 92152-5001 Approved for public release; distribution is unlimited.