RADIUS and IEC 62351 - rbac

IEC 62351-8 specifies that Role Based Access Control is used to reduce and limit user access to a system based on their role.
The concept is that to perform an action a user needs to authenticate themselves (username/password) and have a role with the correct access rights.
How would we implement this in Radius/Freeradius?
As far as I can tell Radius can authenticate based on user/password, but does not by default provide an indication of the role/group the user is asking permissions for.
For example, if I have a user with both operator and security admin roles, how would they go about requesting the security admin role?
I am presuming this has something to do with attributes, but there is no obvious attribute to do this.

Having the same problem, this is the solution I will use:
Radius defines a Vendor-Specific attribute, in which the information about the roles etc. can be stored.
I found an example here:
https://www.researchgate.net/publication/317167505_Handling_Role-based_Access_Control_in_the_Digital_Grid
which proposes the vendor-specific type to be built up as follows:
VENDOR IEC 41912
BEGIN-VENDOR IEC
ATTRIBUTE RoleID         1 integer
ATTRIBUTE roleDefinition 2 string
ATTRIBUTE AoR            3 string
ATTRIBUTE revision       4 integer
ATTRIBUTE ValidFrom      5 string
ATTRIBUTE ValidTo        6 string
END-VENDOR IEC
Handling Role-based Access Control in the Digital Grid (PDF Download Available). Available from: https://www.researchgate.net/publication/317167505_Handling_Role-based_Access_Control_in_the_Digital_Grid [accessed Jan 09 2018].
And here is an example of a FreeRADIUS dictionary file with the possibility to send two different tokens (id 0 and 1), where the token id is calculated from the attribute type:
VENDOR International-Electrotechnical-Commission 41912
BEGIN-VENDOR International-Electrotechnical-Commission
ATTRIBUTE IEC62351-8-RoleID-0 1 integer
ATTRIBUTE IEC62351-8-roleDefinition-0 2 string
ATTRIBUTE IEC62351-8-aor-0 3 string
ATTRIBUTE IEC62351-8-revision-0 4 integer
ATTRIBUTE IEC62351-8-ValidFrom-0 5 string
ATTRIBUTE IEC62351-8-ValidTo-0 6 string
ATTRIBUTE IEC62351-8-RoleID-1 11 integer
ATTRIBUTE IEC62351-8-roleDefinition-1 12 string
ATTRIBUTE IEC62351-8-aor-1 13 string
ATTRIBUTE IEC62351-8-revision-1 14 integer
ATTRIBUTE IEC62351-8-ValidFrom-1 15 string
ATTRIBUTE IEC62351-8-ValidTo-1 16 string
END-VENDOR International-Electrotechnical-Commission
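As an added example (not code from the answer or from the paper it cites), this shows what the attributes defined by that dictionary look like on the wire and how the device receiving the Access-Accept picks the role the user asked for: the sub-attributes are packed into RFC 2865 Vendor-Specific attributes (type 26) under vendor number 41912, parsed back with length checks, and the token whose RoleID matches the requested role and whose ValidFrom/ValidTo window covers today is selected. The token id is derived from the sub-attribute type exactly as in the dictionary (types 1-6 are token 0, 11-16 token 1, and the same rule extends to further tokens); the role numbers, dates and areas of responsibility in the test are constructed sample values, not taken from the standard.

```python
import struct

VENDOR_ID = 41912  # IEC vendor number from the FreeRADIUS dictionary above
# Vendor sub-attribute type -> (field, type); token k uses types 10*k + 1 .. 10*k + 6
FIELDS = {1: ("RoleID", "integer"), 2: ("roleDefinition", "string"), 3: ("AoR", "string"),
          4: ("revision", "integer"), 5: ("ValidFrom", "string"), 6: ("ValidTo", "string")}


def encode_tokens(tokens):
    """Serialise role tokens (list of dicts, list index = token id) as RFC 2865 VSAs (type 26)."""
    out = b""
    for idx, tok in enumerate(tokens):
        for sub_type, (field, kind) in FIELDS.items():
            if field in tok:
                body = struct.pack("!I", tok[field]) if kind == "integer" else tok[field].encode()
                sub = bytes([10 * idx + sub_type, 2 + len(body)]) + body  # one sub-attribute per VSA
                out += bytes([26, 6 + len(sub)]) + struct.pack("!I", VENDOR_ID) + sub
    return out


def decode_tokens(data):
    """Rebuild the IEC tokens (keyed by token id) from a RADIUS attribute list;
    every length field is checked so a truncated packet raises instead of mis-parsing."""
    tokens, pos = {}, 0
    while pos + 2 <= len(data):
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > len(data):
            raise ValueError("malformed RADIUS attribute")
        if a_type == 26 and a_len >= 8 and struct.unpack("!I", data[pos + 2:pos + 6])[0] == VENDOR_ID:
            p = pos + 6
            while p + 2 <= pos + a_len:
                s_type, s_len = data[p], data[p + 1]
                if s_len < 2 or p + s_len > pos + a_len:
                    raise ValueError("malformed vendor sub-attribute")
                idx, sub_type = divmod(s_type, 10)  # types 1..6 -> token 0, 11..16 -> token 1
                if sub_type in FIELDS:
                    field, kind = FIELDS[sub_type]
                    body = data[p + 2:p + s_len]
                    tokens.setdefault(idx, {})[field] = struct.unpack("!I", body)[0] if kind == "integer" else body.decode()
                p += s_len
        pos += a_len
    return tokens


def select_role(tokens, requested_role, today):
    """NAS-side check: the token granting requested_role that is valid on 'today' (ISO dates), else None."""
    for tok in tokens.values():
        if tok.get("RoleID") == requested_role and \
                tok.get("ValidFrom", "") <= today <= tok.get("ValidTo", "9999-12-31"):
            return tok
    return None
```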

Related

Using shacl to validate a property that has at most one value in its properties

I'm trying to create a SHACL based on the ontology that my organization is developing (in Dutch): https://wegenenverkeer.data.vlaanderen.be/
The objects described have attributes (properties), that have a specified datatype. The datatype can be a primitive (like string or decimal) or complex, which means the property will have properties itself (nested properties). For example: an asset object A will have an attribute assetId which is a complex datatype DtcIdentificator, which consists of two properties itself. I have successfully created a SHACL that validates objects by creating multiple shapes and nesting them.
I now run into the problem of what we call union datatypes. These are a special kind of complex datatypes. They are still nested datatypes: the attribute with the union datatype will have multiple properties but only exactly zero or one of those properties may have a value. If the attribute has 2 properties with values, it is invalid. How can I create such a constraint in SHACL?
Example (in Dutch): https://wegenenverkeer.data.vlaanderen.be/doc/implementatiemodel/union-datatypes/#Afmeting%20verkeersbord
A traffic sign (Verkeersbord, see https://wegenenverkeer.data.vlaanderen.be/doc/implementatiemodel/signalisatie/#Verkeersbord) can have a property afmeting (size) of the datatype DtuAfmetingVerkeersbord.
If an asset A of this type would exist, I could define its size as (in dot notation):
A.afmeting.rond.waarde = 700
-or-
A.afmeting.driehoekig.waarde = 400
Both are valid ways of using the afmeting property, however, if they are both used for the same object, this becomes invalid, as only one property of A.afmeting may have a value.
I have tried using the union constraint in SHACL, but soon found out that that has nothing to do with what we call "union datatypes".
I think the reason you are struggling is because this kind of problem is usually modelled differently. Basically you have different types of traffic signs and these signs can have measurements. With the model as you described, A.afmeting.rond.waarde captures 2 ideas using 1 property: (a) the type and (b) the size. From your question, this seems to be the intent. However, this is usually not how this kind of problem is addressed.
A more intuitive design is for Traffic sign to have 2 different properties: (a) type and (b) a measurement. The Traffic sign types are achthoekig, driehoekig, etc. Then you can use SHACL to check that a traffic sign has either both or no properties for a traffic sign.

Can a user have only one value for a User Property?

If I have a user who likes apples and oranges, can I code it like this:
firebase.analytics().setUserProperties({favorite_food: 'apples'});
firebase.analytics().setUserProperties({favorite_food: 'oranges'});
or must I create values like this:
firebase.analytics().setUserProperties({favorite_food: 'apples_oranges'});
?
In the Firebase docs I haven't found information on whether a user can have multiple values for one User Property; their example: https://firebase.google.com/docs/analytics/user-properties?platform=ios#set_user_properties_2
is based on 1 value per 1 User Property, but what if 1 user has many values for 1 user property?
A user property can hold a single value. Your first code sample would set the user property to "apples" and then set the same user property to "oranges".

Access values of dropActions in model (PySide/PyQt/Qt)

In a QTableModel when I enter the following:
print model.supportedDropActions()
I just get:
<PyQt4.QtCore.DropActions object at 0x00000000081172E8>
How can I access an actual list of the supported drop actions from this object? At the documentation, it says, "The DropActions type is a typedef for QFlags. It stores an OR combination of DropAction values."
Note I am doing this in Python (PySide).
Related posts:
Drag and drop rows within QTableWidget
Background
First, make sure you understand how the bitwise-encoding works for these flags. There are really good descriptions in the accepted answers here:
What are bitwise operators?
How to find specific Qt.ItemFlag occurrence into custom Qt.ItemFlags instance in PyQt?
Everyone that uses Qt and its relatives should read them, they will save a lot of headache if you ever want to extract information from the bitwise-encoded values.
Solution
While the following isn't for drop actions but for item data roles, the principles are exactly the same. As mentioned in the comments on the original post, you can recast the encoded value as an int and then decode it to a human-readable format using the enumeration (i.e., the translation between integer and role) provided by Qt online. I don't know why sometimes the docs represent the integers as hex versus decimals.
In what follows, I represented the enumeration that I found online in a dictionary with the int as key, and the human-readable string description as value. Then use a function that casts the role as an int to do the translation, using that dictionary.
#Create a dictionary of all data roles (values per the Qt.ItemDataRole enumeration)
dataRoles = {0: 'DisplayRole', 1: 'DecorationRole', 2: 'EditRole', 3: 'ToolTipRole',
             4: 'StatusTipRole', 5: 'WhatsThisRole', 6: 'FontRole', 7: 'TextAlignmentRole',
             8: 'BackgroundRole', 9: 'ForegroundRole', 10: 'CheckStateRole', 13: 'SizeHintRole',
             14: 'InitialSortOrderRole', 256: 'UserRole'}  # UserRole is 0x0100 in the Qt docs, i.e. 256

#Return role in a human-readable format
def roleToString(flagDict, role):
    recastRole = int(role)  # recast the Qt enum/QFlags value as int
    roleDescription = flagDict[recastRole]
    return roleDescription
Then to use it, for instance in a model where roles are being thrown around and I want to see what's doing:
print "Current data role: ", roleToString(dataRoles, role)
There are different ways to do it, but I find this very intuitive and easy to use.
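Applying the same recast-to-int idea to the drop actions the question actually asks about, as an added example that is not part of the answer above: the Qt.DropAction bit values are the ones from Qt's documentation, and because only the integer is needed the function runs without PyQt or PySide installed (on a real model you would pass int(model.supportedDropActions())).

```python
# Qt.DropAction values from the Qt documentation; a DropActions value is an OR of these.
DROP_ACTIONS = {0x1: "CopyAction", 0x2: "MoveAction", 0x4: "LinkAction"}
TARGET_MOVE_ACTION = 0x8002  # composite: MoveAction plus the "target performs the move" bit
IGNORE_ACTION = 0x0


def decode_drop_actions(flags):
    """Return the names of the Qt.DropAction bits set in a DropActions value.

    Works on int(flags), so it accepts a PyQt/PySide QFlags object or a plain int.
    Bits that are not part of the enumeration are reported rather than silently dropped.
    """
    value = int(flags)
    if value == IGNORE_ACTION:
        return ["IgnoreAction"]
    names = [name for bit, name in DROP_ACTIONS.items() if value & bit]
    if value & TARGET_MOVE_ACTION == TARGET_MOVE_ACTION:
        names.append("TargetMoveAction")
    unknown = value & ~(sum(DROP_ACTIONS) | TARGET_MOVE_ACTION)
    if unknown:
        names.append("Unknown(0x%x)" % unknown)
    return names
```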

Reuse fields in an ASP.NET form

I have an online form that collects the user's contact information. Typical stuff - first & last name, address, city, state, zip, etc.
At one point in the process, they can enter information for another person as well. At that point, I show a modal popup with the very same fields for this other person.
I hate the repetition of the fields in my ASCX file. I'd like to define a single block of fields and show them in different contexts.
A twist to the plot is that the admin of the site can configure which fields are visible for each of the two contexts.
For example, they might say for the primary user, we want to ask for phone number, but we don't want to show that field for the additional people. In that situation, the phone number field would be visible for the main form, but hidden in the modal popup.
So the question is: What is the best way to reuse the same fields in different places of an ASP.NET form?
You can add another flag to your user control
Note : this flag must be declared as public property
public bool Flag
{
get;
set;
}
Your User control
First instance : <UCTagPrefix:UCTagName runat="server" id="" Flag="true"/>
Second instance : <UCTagPrefix:UCTagName runat="server" id="" Flag="false"/>
You can use another type if you want; this sample is based on boolean.
Adapt the behavior of your user control with the value of your flag, in your code-behind.
If admin wants to configure visibility of each field, I think it would be better to add the field list to a database table like fieldName, userType1 (bit), userType2 (bit),... and then add the value 0 or 1 (Admin could do this via interface).
When you load the control get the corresponding values by passing userType to the database (stored procedure or query) and set visibility of each field accordingly.

How do I find parameter values from EntityQuery<T> class?

I have a Seam 2.2 app. Basically I have a form with about 30 input fields. Each field is backed by a property in SearchForm.java. When I click "Submit" I invoke DevicesList.java (implements EntityQuery) and jump to /DevicesList.xhtml. All the input fields and properties correspond to parameters listed in DevicesList.page.xml.
In other words in DevicesList.page.xml we have
<param name="hostname" value="#{searchForm.devName}"/>
<param name="loopback" value="#{searchForm.devIp}"/>
<param name="platform" value="#{searchForm.platform}"/>
etc.
I am heavily customizing getEjbql() based on which searchForm properties are set. I have been stepping through the seam framework code and trying to find a datastructure to access that contains a list of parameters that have been set from the form. Where are these things?
If I have entered a string into the hostname field of the form, the hostname parameter must be set to the value of #{searchForm.devName}. But how do I find out that the hostname parameter has been set?
The only alternative I can think of is to use reflection and loop through all the classes of SearchForm and then perform introspection on the object to see which ones have been set and build my SQL query from that.
There has to be a better way. Anyone know how this could be done?
This is done automagically by Seam, meaning that it won't add a restriction for a field of the form that has no value, so if the user only inputs data on the, for example, devName and devIp fields, then the query will be something like:
select d from Device d where devName = ? and devIp = ?
Even if your DevicesQuery also adds 27 more restrictions for all the fields, they won't be added to the query because they are empty.
