The ENC infrastructure defines a series of events which equate to operations that require an authorization check. Most of these events can be set in a TACE to control which security principals are allowed to do what to whom and when. In most cases, if the authorization component refuses the access request, the physical connection will be terminated. The name lookup and agent connect events are exceptions to this rule.
We now briefly describe each of the events in turn. For each event, the "secured object" entry defines the protected resource and the "security principal" entry defines the requesting resource.
Secured object: The ENC node receiving the connection.
This is the only event that is not controlled within a TACE rule; therefore the target of the operation is implicit. All access to the infrastructure is controlled by the IP address white-list. Only nodes or IP ranges listed in the IP address white-list are allowed to connect to the ENC infrastructure nodes. The secured object in this instance is always the target ENC node. The white-list currently applies to all ENC infrastructure nodes.
Secured object: The ENC node accepting the connection.
Security principal: The authenticated identity of the connected ENC node.
All nodes must authenticate once they have established a network connection to a partner ENC node. This event is generated once a successful authentication sequence has been completed. The accepting ENC node calls the authorization API with the authenticated URI of the connecting node to see if the operation is allowed.
The access control entry for this event can specify the target as either the literal computer identity (from authentication), a pattern matching expression to address a sub-group of computers, or a realm name.
Secured object: The ENC Gateway Manager node.
Security principal: The authenticated identity of the ENC Gateway Server node.
When an ENC Gateway Server successfully establishes an authenticated connection to its manager, it sends a registration message asking to register as a server. The ENC Gateway Manager then calls the authorization component to see if the server is allowed to register with this manager. This stops unauthorized ENC Gateway Servers from being placed into the ENC virtual network.
The access control entry for this event can specify the target as either the literal computer identity (from authentication), a pattern matching expression to address a sub-group of computers, or a realm name.
Secured object: The ENC Gateway Server handling the request.
Security principal: The authenticated identity of the ENC Gateway Router node.
When a router successfully establishes an authenticated connection to its server, it too sends a registration message asking to register as a router. The ENC Gateway Server will perform a local authorization check to see if this operation is allowed, and then passes the request on to the ENC Gateway Manager for further authorization.
The access control entry for this event can specify the target as either the literal computer identity (from authentication), a pattern matching expression to address a sub-group of computers, or a realm name.
Secured object: The ENC Gateway Manager node.
Security principal: The authenticated identity of the ENC Gateway Router node.
This event is generated when a server forwards on a router registration message. The ENC Gateway Manager calls the authorization component to see if the router is allowed to join the ENC virtual network.
The access control entry for this event can specify the target as either the literal computer identity (from authentication), a pattern matching expression to address a sub-group of computers, or a realm name.
Secured object: The ENC Gateway Server handling the request.
Security principal: The authenticated identity of the ENC Client node.
This event is generated when an ENC Client node registers to an ENC Gateway Server node. The server performs a local authorization check, and then passes the registration request up to the ENC Gateway Manager for an authoritative answer.
The access control entry for this event can specify the target as either the literal computer identity (from authentication), a pattern matching expression to address a sub-group of computers, or a realm name.
Secured object: The ENC Gateway Manager node.
Security principal: The authenticated identity of the ENC Client node.
This event is generated when an ENC Gateway Server node forwards on an ENC Client registration message to the ENC Gateway Manager.
The access control entry for this event can specify the target as either the literal computer identity (from authentication), a pattern matching expression to address a sub-group of computers, or a realm name.
This event is not currently implemented. The event is an agent-local authorization check to see if the ENC agent is allowed to create a listening connection.
This event is not currently implemented. The event is an agent-local authorization check to see if the ENC agent is allowed to create an outgoing connection.
Secured object: The security identity of the target ENC node.
Security principal: The authenticated identity of the requesting ENC Client node.
This event is generated at the ENC Gateway Manager node whenever an ENC agent wishes to connect to another ENC agent node.
The access control entry for this event can specify the target as either the literal computer identity (from authentication), a pattern matching expression to address a sub-group of computers, or a realm name.
Secured object: The security identity of the ENC Gateway router node.
Security principal: The authenticated identity of the requesting ENC Client node.
This event is generated at the ENC Gateway Router node when an ENC agent connects to the router to establish a virtual connection to another ENC agent node.
The access control entry for this event can specify the target as either the literal computer identity (from authentication), a pattern matching expression to address a sub-group of computers, or a realm name.
Secured object: The security identity of the target ENC node.
Security principal: The authenticated identity of the requesting ENC Client node.
This event is generated at the ENC Gateway Manager node when an ENC node wishes to perform a name lookup operation to convert from a symbolic host name to an ENC private address.
The ENC Gateway Manager first extracts the target DNS name from the name lookup request and converts it into one or more client records (duplicate host names are therefore allowed across realms, but not within a realm). These client records are passed through to the authorization component, which decides whether the name lookup request should be allowed. A client record consists of the known DNS name and the authenticated identity of the object.
The access control entry for this event can specify the target as the literal computer identity (from authentication); a realm name; or a pattern matching expression to address a sub-group of computers, or even multiple realms.
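As an added illustration (this is not CA's code and does not reproduce the TACE syntax), the following Python models the name lookup authorization described above: the requested host name is expanded to every client record carrying that name, each record is checked against rules whose principal and target may be a literal identity, a pattern, or a realm name, and only the authorized records are returned. The same three target forms cover the registration and connect events described earlier; the "realm:" prefix, glob-style patterns, first-match semantics and the sample directory are all assumptions made for this example.

```python
import fnmatch
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    """A client record: known DNS name plus the node's authenticated identity and realm."""
    dns_name: str
    identity: str   # authenticated identity (constructed, e.g. "db01.sales")
    realm: str

@dataclass(frozen=True)
class Rule:
    """One access control entry: which principal may act on which target."""
    principal: str  # literal identity, glob pattern, or "realm:<name>" (assumed syntax)
    target: str
    allow: bool

def spec_matches(spec: str, node: Node) -> bool:
    """Realm names use the assumed "realm:" prefix; anything else is a literal or glob on the identity."""
    if spec.startswith("realm:"):
        return fnmatch.fnmatchcase(node.realm, spec[len("realm:"):])
    return fnmatch.fnmatchcase(node.identity, spec)

def is_allowed(rules, principal: Node, target: Node) -> bool:
    """First rule matching both principal and target decides; no matching rule means deny."""
    for rule in rules:
        if spec_matches(rule.principal, principal) and spec_matches(rule.target, target):
            return rule.allow
    return False

def name_lookup(directory, rules, requester: Node, dns_name: str):
    """Expand a host name to every record with that name (duplicates across realms), then filter by authorization."""
    candidates = [n for n in directory if n.dns_name == dns_name]
    return [n for n in candidates if is_allowed(rules, requester, n)]

# Constructed sample directory: "db01" exists in two realms.
DIRECTORY = [
    Node("db01", "db01.sales", "sales"),
    Node("db01", "db01.eng", "eng"),
    Node("web01", "web01.eng", "eng"),
]
# Constructed rules showing the three target forms: realm name, literal identity, pattern.
RULES = [
    Rule("realm:sales", "realm:sales", True),   # sales nodes may resolve sales nodes
    Rule("app01.eng", "db01.sales", False),     # one eng node explicitly barred from db01.sales
    Rule("*.eng", "*", True),                   # other eng nodes may resolve anything
]

if __name__ == "__main__":
    print([n.identity for n in name_lookup(DIRECTORY, RULES, Node("app01", "app01.sales", "sales"), "db01")])
```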
Secured object: The security identity of the target ENC node.
Security principal: The authenticated identity of the requesting ENC Client node.
This event is generated when an ENC client connection requests management information from the target ENC gateway.
The management information can include data about all ENC virtual connections hosted by an ENC server, so access must be restricted to approved nodes.
Copyright © 2014 CA Technologies.
All rights reserved.