The present disclosure relates generally to management systems, and more particularly, to authorization for management applications which require instance based authorization.
In management applications, operational task authorization is an important and commonly performed function. Authorization to access information stored in a database may be given to only select users for certain tasks on limited managed entities. For example in network management, a MPLS (Multiprotocol Label Switching) service operator may only manage MPLS VPN (Virtual Private Network) configuration, whereas an IPSec (Internet Protocol Security) service operator may only provision IPSec service. Management applications enforce authorization for operators to perform certain tasks.
In a typical multi-tiered software system, managed entities are stored as model objects. Operational requests, such as retrieval of a list of network devices or interfaces, are typically implemented as a query to the database. Database queries are statements used for directing database management systems to access data stored in a database. To enforce security policies, a security system or authorization component is integrated with a database access component. This is conventionally done in two steps. First, the query is executed and candidate instances which match the criteria are retrieved from data storage. The instances may be, for example, ports managed by the management system. The retrieved set of instances is then filtered one by one based on the authorization policy defined for the requesting user.
This approach works well for bounded authorization (i.e., the requested instances are known prior to access); however, it does not scale well for unbounded authorization, where the filtered instances are not known prior to applying a security filter. An example of unbounded instance authorization is the access of network devices that an operator is authorized to manage. Depending on the security policy for the requesting user, the number of authorized devices may vary. When the system is scaled up, performance may significantly degrade if all instances have to be read and processed. The performance impact in large deployment is often unacceptable and authorization is turned off, or authorization granularity moved up to the next level (e.g., from port level to chassis level).
Proxy design pattern has been applied to alleviate the performance issue. Instead of retrieving real or actual instances, a persistent layer constructs and returns proxies. Proxy instance contains identifier of the actual instance, so it is easier to construct the proxy than the instance itself. With security interception, proxy improves system performance as unauthorized instances are not constructed. However, unbounded authorization still involves the overhead of proxy interception of each proxy instance. Thus, proxy design eliminates implementation construction, but still requires per-object filtering.
Corresponding reference characters indicate corresponding parts throughout the several views of the drawings.