PLoP2004_ndelessygassant0_0.doc

Predicate 1 protects accessservice application

Info icon This preview shows pages 6–10. Sign up to view the full content.

View Full Document Right Arrow Icon
predicate 1 protects accessService * Application Firewall 1 * 1 1 * * * Application Level Implementation Level requestService *
Image of page 6

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Dynamics We describe the dynamic aspects of the Application Firewall using sequence diagrams for two use cases: filtering a Client’s request with user authentication and adding a new policy. Filtering a Client’s Request with user authentication: Summary : A Client requests access to a service of an application to either input or retrieve information. The access request is made through the PolicyEnforcementPoint, which accesses the PolicyAuthorizationPoint to determines whether to accept or deny the request. Figure 3 corresponds to this basic use case. Actors : A Client Precondition : Existing IdentityBase and PolicyBase classes must be in place in the firewall. The IdentityBase contains the data necessary to authenticate a Client. The PolicyBase contains specific policies defined by the organization. Description: a. A Client requests access to an application. b. An Application Firewall, through its PolicyEnforcementPoint, intercepts the request and accesses the PolicyAuthorizationPoint. c. The PolicyAuthorizationPoint authenticates the Client through its IdentityBase. This step may be avoided for each request through the use of a Session class. d. Once the Client is authenticated and identified, the PolicyAuthorizationPoint filters the request according to the PolicyBase. The request is accepted or denied according to the defined policies. e. If the request is accepted, the firewall allows access to the service of the application and the access is logged into the Application Firewall. Alternate Flows : If the Client is not recognized or if no policy allows the specific Client to access the specified service, the firewall rejects the access request to the service. If the user has already been authenticated, the Client may not be authenticated again (Single Sign-On use). Postcondition : The firewall has provided the access of a Client to a service, based on verifying the identity of the Client, and the existence of a matching policy. 7
Image of page 7
Figure 3: Sequence Diagram for filtering a Client’s request with Authentication (case when the policies are described through roles) log() log() :Client : Policy EnforcementPoint : Policy AuthorizationPoint : IdentityBase : PolicyBase :Application interceptMessage() interceptMessage() checkAccess(serviceId, id, role, credentials) checkAccess(serviceId, id, role, credentials) authenticate(serviceId, role, credentials) authenticate(serviceId, role, credentials) clientAuthenticated clientAuthenticated checkAccess(serviceId, id, role) checkAccess(serviceId, id, role) accessGranted accessGranted accessGranted accessGranted accessService(serviceId) accessService(serviceId) : ApplicationFi rewall requestAccepted requestAccepted requestService( serviceId, role, id, credentials) requestService( serviceId, role, id, credentials) requestService( serviceId, role, id, credentials) requestService( serviceId, role, id, credentials) log() log() 8
Image of page 8

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Adding a new policy: Summary
Image of page 9
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern