Michael Ransom
The standardized infrastructure of the Open Systems Interconnection (OSI) application layer includes the Directory, a specialized database system that can be used by other OSI applications, and by people, to obtain information about objects of interest in the OSI environment. Typical Directory objects correspond to systems, services, and people. Examples of information found in the Directory include telephone numbers, electronic mail addresses, postal addresses, network node addresses, public key identity certificates, and encrypted passwords. Because of existing and proposed privacy legislation such information, more often than not, is expected to be subject to various security policies that dictate how disclosure and modification are to be controlled. The Directory standard, as originally published in 1988, pointed out the need for a standardized access control mechanism, but did not include specifications for any particular mechanism. Since that time, the standards committee charged with maintenance of the Directory standard has been working to remove that deficiency as well as a number of others. This effort has culminated in the publication of a new edition of the Directory standard in 1993 that incorporates a series of amendments and one new part covering replication. For access control, there are four amendments that collectively describe two standardized access control mechanisms and improvements to the Directory Authentication Framework. The new access control mechanisms will be available on an optional basis in implementations of the new Directory standard.
This chapter focuses on the two standardized access control mechanisms and provides insight into their use by characterizing parts, or fragments, of security policy that can be easily supported. In addition, some important policies that are not supported are discussed. The primary goal is to help system administrators and security managers understand the general character of security policy requirements and authority relationships that can be accommodated by the new mechanisms.
The body of this chapter is organized into four major sections. The first provides a brief overview of the Directory system and identifies the general scope of policy issues that can be addressed using the standardized access control mechanisms. The second and third sections progress towards a more detailed explanation and characterization of policy elements that can be represented and enforced by the mechanisms. These sections begin by using popular security policy models to provide an overview of what the standardized access control mechanisms can and cannot control and what information is used by the mechanisms to make access decisions. Next, the Directory operations are reviewed to elucidate how access control relates to each. Some specific examples of controls for several operations are then considered in detail to show how access decision making works. The examples also provide a basis for building a taxonomy of supported policy encodings. The taxonomy is presented at the end of the third section. Finally, the fourth section characterizes some important policy issues that cannot be directly supported by the mechanisms.