4.1 Graded Authentication Terms

4.1.1 Security Policy Object

The Security Policy object is the object in Novell eDirectory that you can use to manage the elements of graded authentication. The Security Policy object resides in the Security container.

For more information, see Section 4.3, Configuring the Security Policy Object.

4.1.2 Category

A category is an element of a set that represents sensitivity and trust. You use categories to define security labels.

There are two types of categories: secrecy and integrity.

  • Secrecy Categories: Secrecy controls the disclosure of information.

    A user who is assigned a certain secrecy category can’t read an object of a higher level of secrecy, but can read an object of the same or lower level of secrecy. The user can’t write to an object of a lower level of secrecy, but can write to an object of the same or higher level (no read up, no write down).

    Think of it in terms of a government secret agent. The government agency has three levels of secrecy: Unclassified, Secret, and Top Secret. The agent is given a Secret level of secrecy. The agent cannot read information designated as Top Secret, but the agent can read information designated as Unclassified or Secret. The agent cannot write information from his Secret level to the Unclassified level, but the agent can write information to the Secret or Top Secret levels.

  • Integrity Categories: Integrity controls the validity of information.

    A user who is assigned a certain integrity category can’t write to an object of a higher level of integrity, but can write to an object of the same or lower level. The user can’t read from an object of a lower level of integrity, but can read from an object of the same or higher level (no write up, no read down).

    Think of this in terms of two newspapers. One newspaper is highly respected for its honesty in reporting the facts. The other newspaper is a supermarket tabloid that manufactures stories. The newspaper with the lower integrity cannot publish stories in the newspaper with higher integrity, but the newspaper with higher integrity could publish a story in the newspaper with less integrity. Likewise, the newspaper with higher integrity would not quote from the stories produced by the newspaper with lower integrity, but the newspaper with lower integrity might quote from the stories produced by the newspaper with higher integrity.

NMAS comes with three secrecy categories (Biometric, Token, Password) and three integrity categories (Biometric, Token, Password) defined. You can define additional categories to meet your company's needs.

For more information, see Defining User-Defined Categories (Closed User Groups).

4.1.3 Security Label

A security label represents the sensitivity of information. It is a set made up of categories. For example, the Biometric security label contains the Biometric secrecy category. The Biometric and Token and Password security label contains three secrecy categories: Biometric, Token, and Password.

A security label can be assigned to a volume or to any eDirectory attribute. The security label is compared against a user's current clearance to determine what information the user can access.

NMAS comes with eight security labels defined. The following table shows the predefined security labels and single-level clearances. In the table, {0} denotes the empty set (no categories of that type):

Table 4-1 Predefined Security Levels and Single-Level Clearances

  Default Security Label          Secrecy Categories             Integrity Categories
  Biometric & Password & Token    {Biometric, Token, Password}   {0}
  Biometric & Password            {Biometric, Password}          {0}
  Biometric & Token               {Biometric, Token}             {0}
  Password & Token                {Token, Password}              {0}
  Biometric                       {Biometric}                    {0}
  Password                        {Password}                     {0}
  Token                           {Token}                        {0}
  Logged In                       {0}                            {0}

Novell uses only secrecy categories to define the default security labels. This meets the needs of most users. However, Novell provides you with the ability to create your own security labels that combine both secrecy and integrity categories to meet your company's needs. This, however, can become very complex. See Section 4.2.1, Determining Access with Security Labels Made Up of Both Secrecy and Integrity Categories.

For information on how to create a security label, see Defining Security Labels.

4.1.4 Clearance

Clearances are assigned to users to represent the amount of trust you have in that user. A clearance has a Read label that specifies what a user can read and a Write label that specifies what information a user can write to. For more information, see Dominance and Section 4.2, Graded Authentication Rules.

There are two types of clearances: single-level and multi-level.

Single-Level Clearance

A single-level clearance is a clearance in which the Read label and the Write label are the same. For example, the Biometric clearance's Read label and Write label both use the Biometric label. Therefore, a user who is assigned the Biometric clearance can read information labeled Biometric and below (that is, Biometric and Logged In), but can write only to information labeled Biometric. Every predefined label is also available as a single-level clearance.

Multi-Level Clearance

A multi-level clearance is a clearance in which the Read label and the Write label are different. For example, the Multi-Level Administrator clearance is a multi-level clearance and has Biometric and Token and Password for the Read label and Logged In for the Write label. This clearance allows the user to read all information and to write to all information that is labeled with the default security labels.

NMAS defines only one multi-level clearance: Multi-Level Administrator.

You can define additional clearances to meet your company's needs.

The following table summarizes the access relationships between the predefined single-level clearances and the predefined security labels. Remember that the Novell predefined security labels use secrecy categories only.

Clearance Table (not reproduced in this extraction)

For more information, see Defining Clearances.

4.1.5 Dominance

In administering graded authentication, it is vitally important that you understand the concept of dominance.

All access control decisions are based on the relationship between the labels of the information and the session clearance of the user. There are only three such relationships:

  • Dominate Relationship

    Label A1 is said to dominate Label A2 if:

    A1’s secrecy categories include all those of A2

    AND

    A2’s integrity categories include all those of A1

  • Equal Relationship

    Label A1 is equal to Label A2 if:

    A1’s secrecy categories are the same as A2’s secrecy categories.

    AND

    A1’s integrity categories are the same as A2’s integrity categories.

    This can also be expressed as:

    A1 dominates A2 and A2 dominates A1.

  • Incomparable Relationship

    Label A1 cannot be compared to Label A2 if neither label dominates the other (equality is the special case in which each dominates the other).

For more information, see Section 4.2, Graded Authentication Rules.
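The following Python model is an added example for this page, not Novell's code or the NMAS API. It encodes the eight labels of Table 4-1, the dominance test of Section 4.1.5, and the single-level and Multi-Level Administrator clearances of Section 4.1.4, and rebuilds the clearance table from those definitions so the relationships can be checked mechanically. Two things in it are assumptions rather than statements from this page: the read rule (the clearance's Read label must dominate the object's label) and the write rule (the object's label must dominate the Write label and the Read label must still dominate the object) are chosen because they reproduce both examples given in 4.1.4; and the integrity category "Audit" is a constructed user-defined category used only to show the integrity direction of dominance. Section 4.2, Graded Authentication Rules, is the authoritative source for the actual access rules.

```python
"""Added example (not Novell's code): a small model of NMAS graded
authentication labels, dominance and clearances. The read/write rules
are assumptions stated in the comments; Section 4.2 is authoritative."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    """A security label: a set of secrecy categories and a set of
    integrity categories. {0} in Table 4-1 is the empty set here."""
    secrecy: frozenset = frozenset()
    integrity: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Section 4.1.5: A1 dominates A2 if A1's secrecy categories include
        # all of A2's AND A2's integrity categories include all of A1's.
        return self.secrecy >= other.secrecy and other.integrity >= self.integrity


def relationship(a1: Label, a2: Label) -> str:
    """Classify a pair of labels as in 4.1.5 (plus the mirror case)."""
    d12, d21 = a1.dominates(a2), a2.dominates(a1)
    if d12 and d21:
        return "equal"
    if d12:
        return "dominates"
    if d21:
        return "dominated by"
    return "incomparable"


def secrecy(*cats: str) -> Label:
    """Build a secrecy-only label, as all predefined NMAS labels are."""
    return Label(secrecy=frozenset(cats))


# The eight predefined labels of Table 4-1 (secrecy categories only).
DEFAULT_LABELS = {
    "Biometric & Password & Token": secrecy("Biometric", "Token", "Password"),
    "Biometric & Password": secrecy("Biometric", "Password"),
    "Biometric & Token": secrecy("Biometric", "Token"),
    "Password & Token": secrecy("Token", "Password"),
    "Biometric": secrecy("Biometric"),
    "Password": secrecy("Password"),
    "Token": secrecy("Token"),
    "Logged In": secrecy(),
}


@dataclass(frozen=True)
class Clearance:
    read: Label   # Read label: what the session may read
    write: Label  # Write label: what the session may write to


def single_level(label: Label) -> Clearance:
    """Single-level clearance: Read label and Write label are the same."""
    return Clearance(read=label, write=label)


# The one predefined multi-level clearance (Section 4.1.4).
MULTI_LEVEL_ADMIN = Clearance(
    read=DEFAULT_LABELS["Biometric & Password & Token"],
    write=DEFAULT_LABELS["Logged In"],
)


def can_read(clearance: Clearance, obj: Label) -> bool:
    # Assumed read rule: the Read label must dominate the object's label.
    return clearance.read.dominates(obj)


def can_write(clearance: Clearance, obj: Label) -> bool:
    # Assumed write rule, chosen to reproduce both 4.1.4 examples (a
    # single-level Biometric session writes only to Biometric; the
    # Multi-Level Administrator writes to every default label): the object's
    # label must dominate the Write label AND the Read label must still
    # dominate the object, so a session never writes where it cannot read.
    return obj.dominates(clearance.write) and clearance.read.dominates(obj)


def readable(clearance: Clearance, labels=DEFAULT_LABELS) -> set:
    return {name for name, lbl in labels.items() if can_read(clearance, lbl)}


def writable(clearance: Clearance, labels=DEFAULT_LABELS) -> set:
    return {name for name, lbl in labels.items() if can_write(clearance, lbl)}


def clearance_table(labels=DEFAULT_LABELS) -> dict:
    """Rebuild the 4.1.4 'Clearance Table': for each predefined single-level
    clearance, the R/W access it gets to each predefined label."""
    table = {}
    for cname, clbl in labels.items():
        clr = single_level(clbl)
        for lname, lbl in labels.items():
            mode = ("R" if can_read(clr, lbl) else "-") + ("W" if can_write(clr, lbl) else "-")
            table[(cname, lname)] = mode
    return table


if __name__ == "__main__":
    for (cname, lname), mode in sorted(clearance_table().items()):
        print(f"{cname:30} -> {lname:30} {mode}")
    # Constructed object with a user-defined integrity category "Audit"
    # (an assumption, not a predefined NMAS category): a Password session
    # may read an object of higher integrity but may not write to it.
    audited = Label(secrecy=frozenset({"Password"}), integrity=frozenset({"Audit"}))
    pw = single_level(DEFAULT_LABELS["Password"])
    print("read audited:", can_read(pw, audited), "write audited:", can_write(pw, audited))
```

Running the script prints one line per (clearance, label) pair; with the predefined secrecy-only labels every single-level clearance reads the labels it dominates and writes only to the label equal to its own, which is the pattern the text describes for the Biometric clearance. The "Audit" case at the end shows why the integrity half of the dominance definition is inverted: a session with no integrity categories can read an object that carries one, but cannot write to it.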