Collaborative Portal Security
CSE 5810
Prof. Steven A. Demurjian, Sr.
Computer Science & Engineering Department
The University of Connecticut
371 Fairfield Road, Box U-1155
Storrs, CT 06269-1155
steve@engr.uconn.edu
http://www.engr.uconn.edu/~steve
(860) 486-4818
PortalSecurity-1

Security for Collaborative Web Portals
- Collaborative Portals Rapidly Emerging as Means for Communication, Interaction, and Problem Solving over Distances: SourceForge, MediaWiki, Microsoft SharePoint, phpBB
- Security Model and Enforcement Often Lacking; Consider WIKIs:
  - Anonymous Users (Read Only)
  - Registered Users (Full Write Access)
  - Result: No Guarantee of Data Correctness
- Need to Transcend Simplistic Approach for Application Level, Document Level (Author/View), and Look-and-Feel of Portal Itself

What is a WIKI?
- Repository for Information that is Accessible to All
- Collaborative Platform: Content Contribution/Creation/Modification; Document Authoring; Historical Tracking of Actions
- Shared Platform to Facilitate Information Exchange, Joint Efforts, etc.
- Runs in Web Environment (Browser) – No Software to Install
- Limited Security: User Accounts/Passwords

Screenshot slides (images not reproduced; titles only):
- MediaWiki underlies Wikipedia (http://www.mediawiki.org/wiki/MediaWiki)
- MediaWiki from SourceForge
- A Wiki for Accreditation
- Creating an Account
- Viewing the Main Page
- Uploading Documents
- Creating and Modifying Content
- Viewing the Historical Record
- Customized Searching
- Uploading Images

Problems with MediaWiki and Others
- Not Very User Friendly, Particularly for Non-Computer-Savvy Population
- Difficult to Customize with Specialized Features and Capabilities beyond Basic Look-and-Feel Changes
- Security Limited to User/Password Combinations: Everyone can do Anything; Set up as Shared and Collaborative for All; No Control on Incorrect Content Being Uploaded
- Addition of Security Violates General WIKI Concept of Open and Available to All

Current R&D on WIKIs
- Led by Serebrum (www.serebrum.com)
- Developing AXON WIKI with Capabilities that include:
  - Content Creation/Editing (WYSIWYG)
  - Document Publishing (Web, PDF, RTF)
  - Document Distribution (Email, Print, Fax)
  - Mobile Access (Limited, with BlackBerry)
  - Security: Role-Based Access Control to Define Privileges, for Example, Physician, Provider, Patient, Clinical Researcher, etc.
  - Full Collaborative Environment

Usage of Axon in Safety.Net
- Used by Project Team (PIs, Co-PIs, Providers, etc.)
- Repository for Planning Effort: Upload, Create, Review, Modify Documents
- Allows Safety.Net Team to Familiarize Themselves with WIKI Technology/Web Portals; No Software to Install
- Problems with Off-the-Shelf Product (MediaWiki):
  - Customization Time Consuming (and Limited)
  - Security Minimal – but Acceptable for this Use (Can't Store any Patient-Related Information)
  - Limited User Friendliness May Result in Poor Opinion of Web Technology

Usage of WIKIs in Safety.Net
- Another Alternative – Use AXON Product: Still a Web Solution (No Software to Download); Professional Developers Customize AXON for Use on Project
- Multi-Pronged Approach: Start with AXON for PIs, Co-PIs, Providers as Means to Support the Grant; Explore the Potential Usage/Extensions of AXON to Support Patient Access to Health Care Data
- Synergistic Teams (Serebrum, UCHC, UConn CSE): Submit Phase I Grants for Funding; In-Kind Software Contribution/Pay for Customization Work; Currently Funded

Potential Usage of WIKIs in CTSA
- Use of AXON as Enabling Technology for the Grant: Web-Based and Hand-Held Interfaces; Customization for Biomedical Informatics; Platform for Clinical Research (Recruit Patients, Providers, etc.); Information Dissemination (Newsletters, etc.)
- Architectures and Solutions for Integration with Healthcare Systems (EMR, EHR): Security and HIPAA Compliance; XML Standards for Health Data; Document Extensions (Medical Images); Visualization Extensions (Data Mining)
- Going Independent Route for Team Project

A First Snapshot of AXON (screenshot slide)

A First Snapshot of AXON
- Infolet – Piece of Information that can be Easily Created, Edited, Classified, etc.
- Infolets Organized into Accordions (US Travel, Project Brainstorm, etc.)
- For Our Purposes – HIT-Related Topics

A First Snapshot of AXON
- Accordions Contain a Topic Tree: Parent Topics, Child Topics, Grandchild Topics
- Customizable Based on Domain; PHR: Parent Topics of History, Meds, Visits, etc.
- Each Topic has a Document (Editable) and Attached Documents; the Editable Document is Associated with the Selected Topic; Docs can be Images, Word, PDF, anything…
- The Topic Tree is Customizable by User/Role so that Different Information is Visible to Different Users

Other AXON Features
- Intended to be a Fully Fledged Collaborative Tool: Work Over Distance; History + Audit Trail; Full-Text Search; Integrated CMS + DMS; Hierarchical Topic Tree; Easy Content Creation

Editing Topic Documents
- For Each Topic, the Associated Document can be Created/Edited with a Full WYSIWYG Editor
- Other WIKIs Don't have this Capability
- Extending this to Spreadsheet Creation
- Word-like Interface for Document Creation and Modification

Other AXON Features
- Documents can be Assembled From Topic Down: Combines Docs, Creates New Doc
- WIKIBerry Interface: Limited Access; View and Edit Content; Syncs with Server

Architecture Promotes Customizability (layered diagram; components recovered from the figure)
- Presentation Layer: BrainStorm, Struts (JSP / Servlets), DITA Publishing Channels, Elicitation Toolkit, Ajax, Requirements Ontology
- Clients (Web Workstation, Laptop) Reach the Application through a VPN and Firewall
- Application Layer: RBAC, Axon (Wiki + CMS + DMS + Search)
- Data Layer: LDAP, Any DB
- Other Components in the Diagram: Hibernate, Ajax Engine, WebSphere
- Grayed Boxes (Elicitation Toolkit and Ontology) are Application Dependent/Customizable

Security Concepts and Permissions in Axon
- A User is Identified by: Username (unique), UserID (unique), User Duration (UserStartTime and UserEndTime during which the User is Active)
- A Role can be Defined for any Capability; Standard Roles: guest, author, manager, admin
- For Each Role, there is a List of Allowable Topics
- A User is Associated with One or More Roles in Axon
- User Authenticated (User Name, Password); User Selects a Role from the List of Authorized Roles; Axon Customizes itself Based on the Chosen Role using the Permissions Stored in the Database
- Able to Change Roles during a Session; Multiple Separate Sessions, each with its own Role

Security Concepts and Permissions in Axon
- To Isolate User from Role: Group Abstraction
- Each User is a Member of One or More Groups
- Group is Identified by: GroupName (unique), GroupID (unique), and Group Duration (GroupStartTime and GroupEndTime)
- Users can be in Multiple Groups and have Multiple Roles; Each Group can have Zero or More Users
- Active Session for a User Limits the User to a Particular Group: <UserID, GroupID>
- From a Security Perspective (see next slide): Permissions are Assigned to Roles; Roles are Assigned to Users/Groups; Users/Groups are Assigned to Accordions

Current AXON Main Screen (screenshot slide)

Other Important Concepts
- A Project Contains Multiple Accordions, e.g. US Travel, Brainstorm, EGuru, and Report
- For Each Accordion, a Topic Tree, a Document List, and an Index is Maintained
- Each Accordion can have One or More Users; Each Accordion can have Zero or More Groups
- University Accordions (Just like PeopleSoft): Faculty, Student, Grad Program Director; the Faculty Accordion (corresponding to the Faculty Role) would have Record Grade, Permission Numbers, Advisee List, and other Child Topics
- PHR Accordions: Patient History, Education Materials, Appointments, etc.

Other Important Concepts
- The Topic Tree Contains Three Levels of Parent, Child, and Grandchild Topics
- Each Topic in this Tree is Associated with Exactly One XHTML Page
- Each Topic in this Tree is Associated with Zero or More Documents of All Types (Word, PPT, PDF, GIF, etc.)
- The DOCS Tab Contains a List of Documents; Specifically, for the Selected Topic, All Documents for the Topic and its Descendants are Shown

Axon Permissions
- Basic Topic Tree Permissions: Each Role can have One or More Topics; Each Group can have Zero or More Topics; Each Accordion can have Zero or More Topics; Upon Successful Login, the Accordions for a User in a Group with a Role are Displayed
- Advanced Topic Tree Permissions:
  - View Means that the User has Permission to View the XHTML Page Associated with that Topic
  - Edit Means that the User has Permission to Modify, Delete, Update, etc., the XHTML Page Associated with that Topic

Axon Permissions
- Edit/History Permissions: Edit having a Value of Yes means the Edit Button is Enabled; If the Topic Tree has a Permission of Edit for a Topic, then the Permission for the Topic Button Edit should be Set to Yes; History View and History Rollback are Assigned on a Yes/No Basis to Each Role
- Button Permissions: Global Menu Buttons for Hide, History, Import, Export, Email, Fax, and Print; Permissions are Yes/No on a Role-by-Role Basis; No means that the Associated Icon doesn't Appear

Axon Permissions
- Topic Icon Permissions; the Five Icons are:
  - New Topic: Create a New Topic
  - Copy: Make a Copy of an Existing Topic
  - Paste: Paste a Copy of an Existing Topic
  - Rename: Change the Name of a Topic
  - Archive: Store a New Version of the XHTML Page Associated with the Topic
- Permissions are Yes/No on a Role-by-Role Basis; No means that the Associated Icon doesn't Appear

Axon Permissions
- Document Permissions:
  - View: Open Document (Word, PPT, etc.) with the Associated Desktop Viewer but do not Save Changes
  - Add: Be Able to Import a Document
  - Replace: Be Able to Substitute a New Document for an Existing Document; Replace is really "Substitute this new document while saving all versions of the old one."
  - Archive: Transition a Document to being "Logically Offline" as it Exists at that Point in Time and Remove it from the List of Active Documents; Users will not be Able to View the Archived Documents; An Administrator has the Authority to Restore Archived Documents if Required

Realizing RBAC in Axon
- Combination of LDAP and Custom RBAC: Lightweight Directory Access Protocol Tracks Directory Info on Users/Sessions; Customize via RBAC Look and Feel (prior slides)
- Other Technologies Possible:
  - XACML – Web Services Policy Constraint Language; Different Implementations Available; Not Mature as yet
  - Bandit Role Engine: RBAC based on NIST and Sun's XACML; Limited Functionality
- Our Approach – Custom, Relational DB Solution with Enforcement Built into Axon

UML ER Diagram (entities and attributes recovered from the figure)
- Entities: Users (UserID, UserName); Groups (GroupID, GroupName); Roles (RoleID, RoleName); Permissions (PermissionID, PermissionName, PermissionType); Widgets (WidgetID, WidgetName, WidgetType); Widget_Privilege_Types; Projects (ProjectID, ProjectName, ProjectStatus); Spaces (SpaceID, SpaceName); Topics (TopicID, TopicName); Documents (DocumentID, DocumentName, DocumentType, DocumentStatus)
- Association Classes: User_Group_Authorization (UserGroupStartTime, UserGroupEndTime); Group_Role_Authorization (GroupRoleStartTime, GroupRoleEndTime); Topic_Role_Auth; Topic_Group_Auth; Document_Auth; WIKI_LookAndFeel_Auth; Project_Spaces; Space_Topics; Topic_Attachments

Relational Database Tables for RBAC
- Top Level Tables: ProjectInfo <ProjectID, ProjectName>; AccordionInfo <AccordionID, AccordionName>; ProjectAccordions <ProjectID, AccordionID, AccStartTime, AccEndTime> – Master Tables for All Projects, Accordions, and P-A
- Topic/Subtopic Tables: Topic <TopicID, TopicName, ProjectID, AccordionID>; SubTopic1 <SubtopicID1, SubTopic1Name, TopicID>; SubTopic2 <SubTopicID2, SubTopicID1, TopicID, SubTopic2Name> – Master Tables for All Parent, Child, and Grandchild Topics

Relational Database Tables for RBAC
- Versions: TopicVersion <VersionPK, VersionID, TopicID, SubTopicID1, SubTopicID2, Author, Description, VersionDate, Attachment> – Different Versions of the XHTML Page for Each Tree Entry
- Attachments: Attachment <AttachmentPK, TopicID, LevelID>; AttachmentVersion <VersionPK, VersionID, AttachID, FileName, DocType, Author, Size, AttachmentDate, Comments, RandomName> – Various Attachments (Documents – Word, PPT, etc.) Associated with Each Topic + Versions

Relational Database Tables for RBAC
- Permissions: UserInfo <UserID, LastName, FirstName, UserStartTime, UserEndTime>; PermissionInfo <PermissionID, PermissionName>; GroupInfo <GroupID, GroupName, GroupStartTime, GroupEndTime>; RoleInfo <RoleID, RoleName, RoleStartTime, RoleEndTime>; UserGroupAuthorization <UserID, GroupID, UGStartTime, UGEndTime>; UserRoleAuthorization <UserID, RoleID, URStartTime, UREndTime> – The Users, Roles, Groups, and their Permissions

Relational Database Tables for RBAC
- Authorizing Topics to Users, Groups, and Roles
- Authorization – Option A: TopicUserAuth <UserID, PermissionID, ProjectID, AccordionID, TopicID, SubTopicID1, SubTopicID2>; TopicGroupAuth <GroupID, PermissionID, ProjectID, AccordionID, TopicID, SubTopicID1, SubTopicID2>; TopicRoleAuth <RoleID, PermissionID, ProjectID, AccordionID, TopicID, SubTopicID1, SubTopicID2>
- Authorization – Option B: TopicAuth <ProjectID, AccordionID, GroupID, UserID, RoleID, PermissionID, TopicID, SubTopicID1, SubTopicID2>

Relational Database Tables for RBAC
- Wiki Look and Feel Authorization: WikiLookandFeelAuthorization <RoleID, widgetID, widgetprivilegeID>; Widget <widgetID, widgettype, widgetcategory, widgetname>; WidgetPrivilegeType <widgetprivilegeID, widgetprivilegename> – Tracking the Different Widgets and their Availability based on Role

Sample Table Entries (screenshot slide)

Concluding Remarks: Portal Security
- Expand WIKI Security Beyond Coarse-Grained
- Transition and Generalize to Web Portals: Security for Application Level, Document Level, and Portal Look-and-Feel; Truly Collaborative and Secure
- Other Work: Extending Axon with MAC (Navy SBIR); Dealing with Delegation, Separation of Duty, etc.
- Leveraging the Concepts for Team Project
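The authorization checks that the permission and "Relational Database Tables for RBAC" slides describe, as an added example in Python on SQLite; it is not part of the lecture or of the Axon product. Table and column names are taken from the slides (Option A topic authorization plus the Wiki look-and-feel tables), while the rows are constructed sample data: user 1 in group 10 holds role 2 only until the end of 2008, role 2 may View and Edit the child topic (ProjectID 1, AccordionID 3, TopicID 100, SubTopicID1 101, SubTopicID2 0), and role 2 sees the History icon but not Fax. The topic check enforces the user, user-group and user-role validity windows together, which is what the Start/End columns on the slides are for.

```python
import sqlite3
SCHEMA = """
CREATE TABLE UserInfo(UserID, LastName, FirstName, UserStartTime, UserEndTime);
CREATE TABLE UserGroupAuthorization(UserID, GroupID, UGStartTime, UGEndTime);
CREATE TABLE UserRoleAuthorization(UserID, RoleID, URStartTime, UREndTime);
CREATE TABLE PermissionInfo(PermissionID, PermissionName);
CREATE TABLE TopicRoleAuth(RoleID, PermissionID, ProjectID, AccordionID, TopicID, SubTopicID1, SubTopicID2);
CREATE TABLE WikiLookandFeelAuthorization(RoleID, widgetID, widgetprivilegeID);
CREATE TABLE Widget(widgetID, widgettype, widgetcategory, widgetname);
CREATE TABLE WidgetPrivilegeType(widgetprivilegeID, widgetprivilegename);
"""
# Constructed sample rows (not from the slides); ISO date strings compare correctly as text.
ROWS = """
INSERT INTO UserInfo VALUES (1,'Doe','Jane','2007-01-01','2009-12-31');
INSERT INTO UserGroupAuthorization VALUES (1,10,'2007-01-01','2009-12-31');
INSERT INTO UserRoleAuthorization VALUES (1,2,'2007-01-01','2008-12-31');
INSERT INTO PermissionInfo VALUES (1,'View'),(2,'Edit');
INSERT INTO TopicRoleAuth VALUES (2,1,1,3,100,101,0),(2,2,1,3,100,101,0);
INSERT INTO WidgetPrivilegeType VALUES (1,'Yes'),(0,'No');
INSERT INTO Widget VALUES (1,'button','global','History'),(2,'button','global','Fax');
INSERT INTO WikiLookandFeelAuthorization VALUES (2,1,1),(2,2,0);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + ROWS)
    return db

def topic_permitted(db, user, group, role, topic, perm, now):
    """Does the session <user, group> under `role` hold `perm` ('View'/'Edit') on `topic`
    (ProjectID, AccordionID, TopicID, SubTopicID1, SubTopicID2) at ISO date `now`?"""
    q = """SELECT 1 FROM UserInfo u JOIN UserGroupAuthorization ug ON ug.UserID = u.UserID
           JOIN UserRoleAuthorization ur ON ur.UserID = u.UserID
           JOIN TopicRoleAuth ta ON ta.RoleID = ur.RoleID
           JOIN PermissionInfo p ON p.PermissionID = ta.PermissionID
           WHERE u.UserID=? AND ug.GroupID=? AND ur.RoleID=? AND p.PermissionName=?
             AND ? BETWEEN u.UserStartTime AND u.UserEndTime   -- user duration
             AND ? BETWEEN ug.UGStartTime AND ug.UGEndTime     -- user-group authorization
             AND ? BETWEEN ur.URStartTime AND ur.UREndTime     -- user-role authorization
             AND ta.ProjectID=? AND ta.AccordionID=? AND ta.TopicID=?
             AND ta.SubTopicID1=? AND ta.SubTopicID2=?"""
    return db.execute(q, (user, group, role, perm, now, now, now, *topic)).fetchone() is not None

def visible_widgets(db, role):
    """Global-menu icons shown to a role; a privilege of 'No' hides the icon entirely."""
    q = """SELECT w.widgetname FROM Widget w JOIN WikiLookandFeelAuthorization a USING(widgetID)
           JOIN WidgetPrivilegeType t USING(widgetprivilegeID)
           WHERE a.RoleID=? AND t.widgetprivilegename='Yes' ORDER BY w.widgetname"""
    return [r[0] for r in db.execute(q, (role,))]
```

Once the user-role row expires (here after 2008-12-31) the same session loses Edit and View on the topic even though the user and group rows are still active, which is the behaviour the per-relationship Start/End columns buy over a single user expiry.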