CS283 - Lecture 6 - Part 1 - Additional Topics - Identity

Lecture 6 Part 1 - Additional Topics - Identity
GWU CS 172/283, Autumn 2009
All slides from Bishop's slide set
11/11/2009, CS283-172/Fall06/GWU/Vora/Identity

Identity
- Principal: a unique entity
- Identity: specifies a principal
- Authentication: the binding of a principal to a representation of identity that is internal to the system
  - All access and resource allocation decisions assume the binding is correct
- Identity is used for access control and accountability; the latter requires logging and auditing, i.e. history

GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 06 – Part 1 - Rev 20091103

Users
- Exact representation of a user is tied to the system
- Example: UNIX systems
  - Login name: is used to log in to the OS
    - Logging processes usually use this name
  - User identification number (UID): is a unique integer assigned to user
    - The OS kernel uses UID to identify users
    - There is one UID per login name, but multiple login names may have a common UID

Multiple Identities
- UNIX systems (cont'd)
  - Real UID: the user identity at login, but it is changeable
  - Effective UID: the user identity used for access control
    - Setuid changes the effective UID
  - Saved UID: the UID before the last change of UID
    - This allows a user, for example, to work with elevated privileges, drop them, reclaim them later
  - Audit/Login UID: a user identity used to track the original UID
    - The Audit/Login UID cannot be altered; it is used to tie actions to login identity

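An added example, not part of the original slides: a small C model of the Linux rules for seteuid(2) and setresuid(2), showing why the saved UID lets a set-UID program drop privileges and reclaim them, and what makes a drop permanent. The struct, the model_* function names and UID 1000 are assumptions made for the illustration; the real calls check CAP_SETUID rather than UID 0.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of one process's identities; not real kernel state. */
struct ids {
    unsigned login;                  /* audit/login UID, fixed at login */
    unsigned real, effective, saved;
};

/* Simplification: privileged means effective UID 0 (Linux checks CAP_SETUID). */
static bool privileged(const struct ids *p) { return p->effective == 0; }

/* Unprivileged processes may only choose among their current three UIDs. */
static bool allowed(const struct ids *p, unsigned uid) {
    return privileged(p) || uid == p->real || uid == p->effective || uid == p->saved;
}

/* Models seteuid(2): only the effective UID changes. */
int model_seteuid(struct ids *p, unsigned uid) {
    if (!allowed(p, uid)) return -EPERM;
    p->effective = uid;
    return 0;
}

/* Models setresuid(2): real, effective and saved UID change together. */
int model_setresuid(struct ids *p, unsigned r, unsigned e, unsigned s) {
    if (!allowed(p, r) || !allowed(p, e) || !allowed(p, s)) return -EPERM;
    p->real = r; p->effective = e; p->saved = s;
    return 0;
}

/* Constructed start state: set-UID-root program run by the user with UID 1000. */
struct ids setuid_root_start(void) {
    struct ids p = { .login = 1000, .real = 1000, .effective = 0, .saved = 0 };
    return p;
}

int main(void) {
    struct ids p = setuid_root_start();
    model_seteuid(&p, 1000);                         /* temporary drop */
    printf("after drop: r=%u e=%u s=%u\n", p.real, p.effective, p.saved);
    printf("reclaim: %d\n", model_seteuid(&p, 0));   /* allowed: saved UID is 0 */
    model_setresuid(&p, 1000, 1000, 1000);           /* permanent drop */
    printf("reclaim: %d\n", model_seteuid(&p, 0));   /* refused with -EPERM */
    printf("login UID: %u\n", p.login);              /* untouched throughout */
    return 0;
}
```
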
Groups
- Are used to share access privileges among users
- First model: alias for set of principals
  - Processes are assigned to groups
  - Processes stay in those groups for their lifetime
  - This model represents a static identity
- Second model: principals can change groups
  - Rights associated with a user's old group are discarded; rights associated with the new group are added
  - Dynamic identity

Roles
- Group with membership that is tied to function
  - Rights granted are consistent with the rights needed to perform function
- Roles are based on the second model of groups
- Example: Data General/UX
  - User root does not have administration functionality
  - System administrator privileges are contained in the sysadmin role
  - Network administration privileges are contained in the netadmin role
  - Users can assume either role as needed

Naming and Certificates
- Certificates are issued to a principal