mpm + authorization   12

Determining whether online users are authorized to access digital objects is central to preserving privacy. This paper presents the design, implementation, and deployment of Zanzibar, a global system for storing and evaluating access control lists. Zanzibar provides a uniform data model and configuration language for expressing a wide range of access control policies from hundreds of client services at Google, including Calendar, Cloud, Drive, Maps, Photos, and YouTube. Its authorization decisions respect causal ordering of user actions and thus provide external consistency amid changes to access control lists and object contents. Zanzibar scales to trillions of access control lists and millions of authorization requests per second to support services used by billions of people. It has maintained 95th-percentile latency of less than 10 milliseconds and availability of greater than 99.999% over 3 years of production use.
consistency  authorization  integrity 
7 weeks ago by mpm
Application Layer Transport Security
The ALTS trust model has been tailored for cloud-like containerized applications. Identities are bound to entities instead of to a specific server name or host. This trust model facilitates seamless microservice replication, load balancing, and rescheduling across hosts.
authentication  authorization  protocol  confidentiality 
may 2019 by mpm
Jespa is a Java software library that provides advanced integration between Microsoft Active Directory and Java applications
authentication  authorization  java  windows  integrity 
march 2009 by mpm
On Secure Distributed Implementations of Dynamic Access Control
Distributed implementations of access control abound in distributed storage protocols. While such implementations are often accompanied by informal justifications of their correctness, our formal analysis reveals that their correctness can be tricky.
authorization  integrity 
june 2008 by mpm
Active Directory integration in Java
Since people still seem to be rather clueless and waste a lot of time by trying to configure general-purpose LDAP or JNDI authentication mechanism to talk to Active Directory, here's how your program can talk to Active Directory from domain name:
authentication  authorization  integrity  java 
june 2008 by mpm
Smack for simplified access control
Smack implements Mandatory Access Control (MAC), but it purposely leaves out the role based access control and type enforcement that are major parts of SELinux.
linux  authorization  integrity 
april 2008 by mpm
Free IPA
FreeIPA is an integrated security information management solution combining Linux (Fedora), Fedora Directory Server, MIT Kerberos, NTP, DNS. It consists of a web interface and command-line administration tools. Currently it supports identity management with plans to support policy and auditing management.
identity  authentication  authorization  linux  unix 
march 2008 by mpm
Practical Principles for Computer Security
The key ideas are principals, a relation between principals called “speaks for”, a logic for reasoning about what resources a principal can speak for, and rules for abstracting from the bits exchanged among interacting parties to logical formulas. These ideas provide a way to reason formally about delegation, names, groups, computer systems, applications, and authorization policy.
authentication  authorization  integrity 
october 2007 by mpm
Therefore, the task at hand is to define ways for taking such JAAS-based security services to the next level, to help in linking SOA services.
java  authentication  authorization  integrity 
september 2006 by mpm
Seeking Scalable Web Authentication
The traditional J2EE approach to authentication sessions is placing identity information in the servlet's Session object. The memory used by the Sessions, and potential need to replicate them, places a drag on scalability. In this article, I propose a different approach that is more scalable because it requires less shared state.
web  java  authentication  authorization  integrity 
may 2006 by mpm
The Structure of Authority: Why security is not a separable concern
Common programming practice grants excess authority for the sake of functionality; programming principles require least authority for the sake of security. If we practice our principles, we could have both security and functionality. Treating security as a separate concern has not succeeded in bridging the gap between principle and practice, because it operates without knowledge of what constitutes least authority.
authorization  integrity 
may 2006 by mpm
Extend JAAS for class instance-level authorization
The Java Authentication and Authorization Service (JAAS) is an extension to the Java 2 SDK. Under JAAS, a user or service may be given specific permissions to execute code in a Java class. In this article, software engineer Carlos Fonseca shows you how to extend the JAAS framework for the enterprise. Adding class instance-level authorization and special relationships to the JAAS framework lets you build more dynamic, flexible, and scalable enterprise applications.
java  authorization  integrity 
may 2006 by mpm
