Implementing Advanced RBAC Administration Functionality with USE

Role-based access control (RBAC) is a powerful means for laying out and developing higher-level organizational policies such as separation of duty, and for simplifying the security management process. One of the important aspects of RBAC is authorization constraints that express such organizational policies. While RBAC has generated a great interest in the security community, organizations still seek a flexible and effective approach to impose role-based authorization constraints in their security-critical applications. In particular, today often only basic RBAC concepts have found their way into commercial RBAC products; specifically, authorization constraints are not widely supported. In this paper, we present an RBAC administration tool that can enforce certain kinds of role-based authorization constraints such as separation of duty constraints. The authorization constraint functionality is based upon the OCL validation tool USE. We also describe our practical experience that we gained on integrating OCL functionality into a prototype of an RBAC administration tool that shall be extended to a product in the future

ANALYZING THE IMPACT OF THE BUSINESS LICENSING EASE POLICY FOR DRUG AND FOOD MSME BUSINESS ACTORS: A CASE STUDY IN EAST KALIMANTAN PROVINCE FROM 2018 TO 2023

The limited number of products registered with the Indonesian FDA by MSMEs is primarily attributable to their ignorance of the procedures involved in obtaining product authorization.  The Samarinda provincial office of the Indonesian Food and Drug Administration has launched the "Si Jebol" program, which assists MSMSEs in obtaining product authorization. This study aims to determine how the policy of ease of business licensure for pharmaceutical and food micro, small, and medium enterprises (MSMEs) affected product authorization in the province of East Kalimantan from 2018 to the first semester of 2023. This research methodology employs a descriptive qualitative analysis of secondary data obtained from the Samarinda annual reports of the provincial office of the Indonesian FDA. The findings indicate that the convenience of business licensing policy, which was executed by the Provincial office of the Indonesian FDA in Samarinda, effectively stimulates the issuance of product authorization permits. The obstacles encountered by MSMEs during the registration process for product authorization may serve as the foundation for future policies designed to assist MSMEs. Additional research on the challenges encountered by micro, small, and medium enterprises (MSMEs) is crucial in order to establish intervention strategies that the provincial office of the Indonesian FDA in Samarinda can implement.   Keywords: Indonesian FDA, Product Authorization, East Borneo, Policy, Micro Small and Medium Enterprise (MSME)The limited number of products registered with the Indonesian FDA by MSMEs is primarily attributable to their ignorance of the procedures involved in obtaining product authorization.  The Samarinda provincial office of the Indonesian Food and Drug Administration has launched the "Si Jebol" program, which assists MSMSEs in obtaining product authorization. This study aims to determine how the policy of ease of business licensure for pharmaceutical and food micro, small, and medium enterprises (MSMEs) affected product authorization in the province of East Kalimantan from 2018 to the first semester of 2023. This research methodology employs a descriptive qualitative analysis of secondary data obtained from the Samarinda annual reports of the provincial office of the Indonesian FDA. The findings indicate that the convenience of business licensing policy, which was executed by the Provincial office of the Indonesian FDA in Samarinda, effectively stimulates the issuance of product authorization permits. The obstacles encountered by MSMEs during the registration process for product authorization may serve as the foundation for future policies designed to assist MSMEs. Additional research on the challenges encountered by micro, small, and medium enterprises (MSMEs) is crucial in order to establish intervention strategies that the provincial office of the Indonesian FDA in Samarinda can implement.   Keywords: Indonesian FDA, Product Authorization, East Borneo, Policy, Micro Small and Medium Enterprise (MSME

Distributed Access Control for Web and Business Processes

Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes

Protecting a Dream: Analyzing the Level of Review Applicable to DACA Recipients in Equal Protection Cases

Faced with congressional inaction regarding comprehensive immigration reform, the Obama administration, through the Department of Homeland Security (DHS), implemented the Deferred Action for Childhood Arrivals (DACA) program in an effort to give young undocumented noncitizens the opportunity to contribute their skills and education to the American community by granting them deferred prosecutorial action and work authorization for a renewable term of two years. To date, DHS has granted DACA relief to over 521,825 young immigrants who would not otherwise be able to legally work in the United States. Although DACA recipients enjoy federal work authorization, states have adopted policies that restrict the benefits they receive from their employment authorization and bar them from pursuing certain professions. These policies treat DACA recipients differently from other noncitizens with temporary work permits. Yet, it is still unclear what level of review courts should apply to Equal Protection challenges arising from these policies because, although the DACA program effectively deems recipients lawfully present, it grants them no immigration status. This Comment argues that DACA recipients, like other lawfully present noncitizens, are entitled to heightened scrutiny in Equal Protection claims. First, this Comment will provide a general overview of judicial interpretation of the Equal Protection Clause. It will also explain the three major categories of noncitizens under current immigration law. Next, this Comment will examine judicial decisions in Equal Protection challenges regarding various categories of noncitizens. Lastly, this Comment will analyze why DACA recipients are entitled to heightened scrutiny under the Equal Protection Clause

Managing Dynamic User Communities in a Grid of Autonomous Resources

One of the fundamental concepts in Grid computing is the creation of Virtual Organizations (VO's): a set of resource consumers and providers that join forces to solve a common problem. Typical examples of Virtual Organizations include collaborations formed around the Large Hadron Collider (LHC) experiments. To date, Grid computing has been applied on a relatively small scale, linking dozens of users to a dozen resources, and management of these VO's was a largely manual operation. With the advance of large collaboration, linking more than 10000 users with a 1000 sites in 150 counties, a comprehensive, automated management system is required. It should be simple enough not to deter users, while at the same time ensuring local site autonomy. The VO Management Service (VOMS), developed by the EU DataGrid and DataTAG projects[1, 2], is a secured system for managing authorization for users and resources in virtual organizations. It extends the existing Grid Security Infrastructure[3] architecture with embedded VO affiliation assertions that can be independently verified by all VO members and resource providers. Within the EU DataGrid project, Grid services for job submission, file- and database access are being equipped with fine- grained authorization systems that take VO membership into account. These also give resource owners the ability to ensure site security and enforce local access policies. This paper will describe the EU DataGrid security architecture, the VO membership service and the local site enforcement mechanisms Local Centre Authorization Service (LCAS), Local Credential Mapping Service(LCMAPS) and the Java Trust and Authorization Manager.Comment: Talk from the 2003 Computing in High Energy and Nuclear Physics (CHEP03), La Jolla, Ca, USA, March 2003, 7 pages, LaTeX, 5 eps figures. PSN TUBT00

Trump’s ‘Immployment’ Law Agenda: Intensifying Employment-Based Enforcement and Un-authorizing the Authorized

This article considers President Trump’s immigration efforts through an immployment law lens. Immployment is a conceptual frame that reminds us to consider (1) immigration policy’s impacts on employers and the employment-based rights of workers, and (2) employment and labor law’s impacts on immigration policy. It draws from available enforcement data to argue that Trump’s regime is intensifying the use of workplace-based immigration enforcement tools such as audits of employer records and arrests of workers at their place of work. While his predecessors used these tools too, Trump is simultaneously pursuing both high profile worker arrests and bureaucratic audits as key tools of a more aggressive immigration enforcement strategy. The Trump administration is also deviating from his predecessors by un-authorizing large groups of authorized workers. The article focuses its attention primarily on one such targeted group, workers with Temporary Protected Status (TPS), who may soon lose their authorization. It also uses interviews with two dozen immigrant worker advocates in the New York City metropolitan area to convey the ways that the threat of workplace-based immigration enforcement and unauthorization efforts are consequential for workers and the government compliance and benefits regimes that rely on voluntary participation of immigrant workers

Identity and Access Management System: a Web-Based Approach for an Enterprise

Managing digital identities and access control for enterprise users and applications remains one of the greatest challenges facing computing today. An attempt to address this issue led to the proposed security paradigm called Identity and Access Management (IAM) service based on IAM standards. Current approaches such as Lightweight Directory Access Protocol (LDAP), Central Authentication Service (CAS) and Security Assertion Markup Language (SAML) lack comprehensive analysis from conception to physical implementation to incorporate these solutions thereby resulting in impractical and fractured solutions. In this paper, we have implemented Identity and Access Management System (IAMSys) using the Lightweight Directory Access Protocol (LDAP) which focuses on authentication, authorization, administration of identities and audit reporting. Its primary concern is verification of the identity of the entity and granting correct level of access for resources which are protected in either the cloud environment or on-premise systems. A phased approach methodology was used in the research where it requires any enterprise or organization willing to adopt this must carry out a careful planning and demonstrated a good understanding of the technologies involved. The results of the experimental evaluation indicated that the average rating score is 72.0 % for the participants involved in this study. This implies that the idea of IAMSys is a way to mitigating security challenges associated with authentication, authorization, data protection and accountability if properly deployed