DS2OS - Deliverable C: Implementing Directory Services for Direct Delegation
Giovanni Schmid
2010
Abstract
As detailed in DS2OS-Deliverable A, a DS2OS environment adopts the Direct Delegation access control model (DD), which constitutes an extension of the DAC model. The scope of this Deliverable is to discuss the issues and design choices related to DD enforcement at the network layer. These issues and design choices concern two different but related aspects: (i) the use and specification of certificates according to DD requirements, and (ii) the implementation of an LDAP service which allows the enforcement of the DD model in a DS2OS environment. The focus of our implementation is on the OpenSolaris (or, equivalently, Solaris 10) OS, since at the moment, as thoroughly discussed in Deliverable B, these are the general-purpose OS platforms with the most advanced access control features. In particular, they are the only platforms supporting access control policies which include the management of authorizations directly at the kernel level, for virtually any process in user space. These special authorizations, called process privileges, are very important for an effective enforcement of the DD model, since they allow a principal's capabilities to be specified at an unprecedentedly fine-grained level, and with much greater flexibility.

This document is organized as follows. Section 2 introduces X.509 certificates and their related management infrastructures. In Section 3, we discuss the Lightweight Directory Access Protocol (LDAP) and its use for managing both basic user-related information and the extended user security attributes introduced with (Open)Solaris. Finally, Section 4 illustrates our enforcement of DD using X.509 certificates and OpenLDAP [2], a major open source implementation of the LDAP protocol.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.