Public key infrastructures (PKI) are now in place in a number of organizations, and a vast amount of material is available for becoming familiar with the concept (Adams & Lloyd, 2002; Raina, 2003). Although related to PKI, privilege management infrastructure (PMI) is a more recent development in the network security field, designed to supply the authorization function that the PKI model lacks. This article provides an overview of PMI, describes a number of present PMI architectures, such as PERMIS (Chadwick, Zhao, Otenko, Laborde, Su, & Nguyen, 2006), AKENTI (Thompson, Essari, & Mudumbai, 2003), and Shibboleth (Carmody, 2001), and gives some examples of practical PMI usage.
What Is PMI?
PMI can generally be thought of as the infrastructure supporting a strong authorization subsystem via the management and use of privileges (Adams & Lloyd, 2002). PMI is essentially a term used to encompass the management of authorization processes such as access control, rights management, levels of authority, delegation of authority, and so on. A PMI helps an organization to provide access to any target resource it specifies, controlled according to policy. A policy should detail which users are allowed access to which resources, what actions they are allowed to perform, when they are allowed access (for example, time constraints), and what privileges they need in order to access the resource and carry out an operation.
Organizations need to be sure that access to their resources is controlled by a variety of security mechanisms, for example:
To ensure that the party requesting access is who they say they are (authentication);
That the party has sufficient rights to access the resource (authorization);
That confidential material is only read by those authenticated and authorized parties (privacy); and
That the transaction is monitored (audit and control).
PMI addresses only authorization. To address the other points, corresponding subsystems should be deployed.
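The following is an added example, not code from the chapter or from any of the PMI products it names. It shows, in miniature, what the policy described above has to express and what an authorization decision point does with it: privilege assertions issued by a source of authority (the role an attribute certificate plays in an X.509 PMI, here simplified to unsigned records), rules that tie a resource and action to a required privilege with an optional time-of-day constraint, and a delegation check that only honours a delegated privilege if the delegator held it, was allowed to delegate it, and the delegated validity period lies within the delegator's own. The subject name passed in is assumed to be already authenticated, which is exactly the boundary the paragraph draws: authentication is another subsystem's job. All names, the source of authority `soa.example.org`, and the sample privilege store are constructed for illustration.

```python
"""Toy PMI-style authorization decision point (constructed example, not a real product's code)."""
from dataclasses import dataclass
from datetime import datetime
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Privilege:
    """`issuer` asserts that `holder` has privilege `name` for a validity period.
    Simplified stand-in for an attribute certificate: no signature is modelled here."""
    holder: str
    name: str
    issuer: str
    not_before: datetime
    not_after: datetime
    delegatable: bool = False


@dataclass(frozen=True)
class Rule:
    """Holders of `privilege` may perform `action` on `resource`,
    optionally only between `hours` (start inclusive, end exclusive)."""
    resource: str
    action: str
    privilege: str
    hours: Optional[Tuple[int, int]] = None


@dataclass(frozen=True)
class Policy:
    sources_of_authority: FrozenSet[str]  # issuers trusted to originate privileges
    rules: Tuple[Rule, ...]
    max_delegation_depth: int = 2         # bounds chain walking (also stops issuer cycles)


def privilege_holds(priv: Privilege, store: List[Privilege], policy: Policy,
                    now: datetime, depth: int = 0) -> bool:
    """True if `priv` is valid at `now` and chains back to a trusted source of authority."""
    if not (priv.not_before <= now <= priv.not_after):
        return False
    if priv.issuer in policy.sources_of_authority:
        return True
    if depth >= policy.max_delegation_depth:
        return False
    # Delegated privilege: the issuer must itself hold the same privilege, be allowed
    # to delegate it, and its validity must cover the whole delegated period.
    for upstream in store:
        if (upstream.holder == priv.issuer and upstream.name == priv.name
                and upstream.delegatable
                and upstream.not_before <= priv.not_before
                and upstream.not_after >= priv.not_after
                and privilege_holds(upstream, store, policy, now, depth + 1)):
            return True
    return False


def decide(policy: Policy, store: List[Privilege], subject: str,
           resource: str, action: str, now: datetime) -> Tuple[bool, str]:
    """Authorization decision for an already-authenticated `subject` (default deny).
    Authentication is outside the PMI: the verified subject name is an input, not checked here."""
    reasons = []
    for rule in policy.rules:
        if rule.resource != resource or rule.action != action:
            continue
        if rule.hours and not (rule.hours[0] <= now.hour < rule.hours[1]):
            reasons.append(f"rule '{rule.privilege}': outside permitted hours")
            continue
        held = [p for p in store if p.holder == subject and p.name == rule.privilege
                and privilege_holds(p, store, policy, now)]
        if held:
            return True, f"'{rule.privilege}' issued by {held[0].issuer}"
        reasons.append(f"rule '{rule.privilege}': no valid privilege for {subject}")
    return False, "; ".join(reasons) or "no rule matches (default deny)"


# Constructed sample data: one source of authority, one policy, a small privilege store.
SOA = "soa.example.org"
POLICY = Policy(frozenset({SOA}), (
    Rule("/docs/spec", "read", "editor"),                  # editors may read at any time
    Rule("/docs/spec", "write", "editor", hours=(9, 17)),  # but write only in office hours
))
STORE = [
    Privilege("alice", "editor", SOA, datetime(2024, 1, 1), datetime(2024, 12, 31), delegatable=True),
    # alice delegates to bob for a sub-interval of her own validity: honoured
    Privilege("bob", "editor", "alice", datetime(2024, 3, 1), datetime(2024, 6, 30)),
    # alice delegates to dave beyond her own validity: must not be honoured
    Privilege("dave", "editor", "alice", datetime(2024, 3, 1), datetime(2025, 3, 1)),
    # asserted by a party that is not a trusted source of authority: must not be honoured
    Privilege("carol", "editor", "rogue.example.net", datetime(2024, 1, 1), datetime(2024, 12, 31)),
]

if __name__ == "__main__":
    for who, act, when in [("bob", "write", datetime(2024, 5, 1, 10)),
                           ("bob", "write", datetime(2024, 5, 1, 20)),
                           ("dave", "write", datetime(2024, 5, 1, 10)),
                           ("carol", "read", datetime(2024, 5, 1, 10))]:
        print(who, act, when, decide(POLICY, STORE, who, "/docs/spec", act, when))
```

The two checks most often missed in home-grown versions are the ones the store exercises: a delegation whose period exceeds the delegator's own, and an assertion from an issuer that is simply not in the set of trusted sources. Both must be denied regardless of what the request itself looks like.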
PMI Architectures for Trust Establishment
Prior to the introduction of privilege management infrastructures (PMI), access control systems trusted only the “local” information they held about the outside world. This is very effective for small groups of people (e.g., multi-user operating systems). However, as the number of users willing to cooperate increases, such as in Grid settings or on the Web, it becomes more difficult to reflect all of the circumstances of the world locally. The dynamic nature of the relationships between the resource owner and the users accessing the resource also makes it harder to manage the privileges each user holds, limiting the scalability of such systems.
To facilitate scalable solutions, trust in the people must be established in a distributed manner, and a means of distributing trust is required. This can be achieved in a number of ways. This section describes how this is done in three different PMI models. It starts with the approach adopted by X.509, and is followed by descriptions of the Akenti and Shibboleth architectures.
Key Terms in this Chapter
Authorization: The process of determining if a requesting party has sufficient rights to access a resource.
Digital Signature: A value computed over a document with the signer’s private key and verifiable with the corresponding public key; it can be deemed the digital equivalent of a handwritten signature. Digital signatures can be used to authenticate the identity of the signer of the document and to confirm the integrity of the signed data.
Certificate Authority: An authority that manages the allocation of digital identity certificates to users; the CA exists as part of a PKI. The CA, in conjunction with a Registration Authority (RA), initially checks the identity of a user. Once identity has been confirmed, the CA issues a digital identity certificate that binds the user’s identity to the user’s public key under the CA’s digital signature.
Digital Certificate: A digital certificate is an electronic “passport” which can be used to establish identity in an electronic environment.
Access Control: Restriction of access to some resource through the application of a mechanism which grants, denies, or revokes permissions.
Privilege: In a PMI, a privilege can be defined as an electronic right given to users enabling them to access various resources.
Access Rights Management: The process of assigning digital rights to users, which can then be used in conjunction with an access control system to obtain access to some resource; the management infrastructure covers, for example, the allocation, renewal, and revocation of users’ rights.
Privilege Delegation: The process by which a privilege given to one party can be transferred to another party either for an indeterminate or definite period of time.
Authentication: The process by which a system can provably verify the identity of an entity such as an individual, a system, an application, and so forth.