Topological description of access control Sample Clauses

Topological description of access control. The realization of access control in OpenTox is currently based on a central SSO server which is employed by individual web services to decide on a user’s access to them or to other services to which the former act as gateways or proxies. Figure 20 depicts the main concept and how services interact with the single access control manager when a single service is involved.

The client identifies itself providing an authentication token [42] to the OpenTox web service it wants to access. Tokens are generated by the SSO services upon request (over a secure TLS-encrypted connection [43], i.e. a connection using the Transport Layer Security protocol as described by the RFC-5246 [44] specifications) of the user's identifier and password (user credentials) and have a certain lifetime. In the current implementation, tokens stay active for 24 hours unless they are invalidated by the client. The web service receives this token, and using the SSO service, checks whether the token is valid (corresponds to a logged in user) and whether that user is granted the necessary privileges to perform the request. If authentication or authorization fails, a status code 401 [45] is returned to the user along with an error report [46].

Figure 20: Protection of confidential information in the request-response chain

In case the initial client request induces a second request from the invoked service, this is always done on behalf of the user using the provided token. This token is passed to the next service(s) of the workflow and in case authorization fails somewhere in the middle, an error report is generated and propagated backwards to the client with a status code 401 [47]. In the scheme described in Figure 21, service 1 passes to the remote service the token of the user that initiated the request. In this way, it is guaranteed that an end user will not access either directly or indirectly (through some other service) confidential data, unless he is authorized to do so.

Figure 21: Protection of confidential data in a multi-service application

[41] xxxx://xxx.xxxxxxx.xxx/data/documents/development/opentoxreports/opentoxreportd33/view?searchterm=D3.3
[42] xx.xxxxxxxxx.xxx/xxxx/Xxxxxxxx_xxxxx
[43] xx.xxxxxxxxx.xxx/xxxx/Xxxxxxxxx_Xxxxx_Xxxxxxxx
[44] xxxxx.xxxx.xxx/xxxx/xxx0000
[45] HTTP Status code 401 definition: xxx.x0.xxx/Xxxxxxxxx/xxx0000/xxx0000-xxx00.xxxx#xxx00.0.0
[46] OpenTox specifications for Asynchronous Tasks and Error Reports: xxxx://xxxxxxx.xxx/dev/apis/api-1.2/AsyncTask
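The request chain described above, as an added example that is not OpenTox code: an in-memory model in which each service asks the central SSO server to validate the token and authorize the user, forwards the user's own token downstream, and propagates a 401 error report back to the client. The class names, the error-report fields, the per-user policy table and the credentials are assumptions constructed for the illustration.

```python
import secrets
import time

TOKEN_LIFETIME = 24 * 3600  # seconds; the clause states tokens stay active for 24 hours
class SSOServer:
    def __init__(self, passwords, policy, clock=time.time):
        self.passwords, self.policy, self.clock = passwords, policy, clock
        self.tokens = {}  # token -> (user, expiry time)

    def login(self, user, password):
        stored = self.passwords.get(user)
        if stored is None or not secrets.compare_digest(stored, password):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, self.clock() + TOKEN_LIFETIME)
        return token

    def check(self, token, service):
        user, expiry = self.tokens.get(token, (None, 0))
        if user is None or self.clock() >= expiry:
            return "token is not valid"
        if service not in self.policy.get(user, ()):
            return "user lacks privileges for " + service
        return None  # authenticated and authorized

class Service:
    def __init__(self, name, sso, remote=None):
        self.name, self.sso, self.remote = name, sso, remote

    def handle(self, token):
        error = self.sso.check(token, self.name)
        if error:
            return 401, {"service": self.name, "error": error}
        if self.remote is None:
            return 200, {"service": self.name, "data": "confidential"}
        # Forward the user's own token, never a credential of this service.
        status, body = self.remote.handle(token)
        # A failure further down the chain is propagated back unchanged.
        return (status, body) if status != 200 else (200, {"via": self.name, **body})

def demo():
    now = [0.0]  # controllable clock so token expiry can be shown
    sso = SSOServer({"alice": "pw-a", "bob": "pw-b"},  # constructed credentials
                    {"alice": {"service1", "remote"}, "bob": {"service1"}}, lambda: now[0])
    service1 = Service("service1", sso, Service("remote", sso))
    alice, bob = sso.login("alice", "pw-a"), sso.login("bob", "pw-b")
    out = {"alice": service1.handle(alice), "bob": service1.handle(bob)}
    now[0] = TOKEN_LIFETIME + 1
    out["expired"] = service1.handle(alice)
    return out
```

Because `service1` forwards bob's token rather than its own identity, the remote service sees bob's privileges and refuses, which is the indirect-access guarantee the clause describes.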

Related to Topological description of access control

  • General Description of Work The work under this AGREEMENT shall consist of the above-described SERVICES as herein defined, and necessary to accomplish the completed work for this project. The CONSULTANT shall furnish all services, labor, and related equipment and, if applicable, sub-consultants and subcontractors necessary to conduct and complete the SERVICES as designated elsewhere in this AGREEMENT.

  • Description of Work (a) that has been omitted or

  • System Description The DLCS is a network consisting of devices which are remotely controlled over RF transmission equipment by the PowerCAMP™ Software or equivalent. CL&P shall have access to the PowerCAMP™ LMS (as defined below) via the web interface. The PowerCAMP™ LMS shall include the software and hardware necessary to manage the Control Devices installed at the End-use Equipment at Participating Facilities. The PowerCAMP™ LMS includes AER’s PowerCAMP™ Server and PowerCAMP™ Suite, networking equipment, and third party software. PowerCAMP™ LMS Hardware

  • Detailed Description of Services / Statement of Work Describe fully the services that Contractor will provide, or add and attach Exhibit B to this Agreement.

  • Attachment A, Scope of Services The scope of services is amended as follows:

  • Site Description 2.5.1 If reasonably requested by the A/E as necessary for the Project, the Owner shall furnish a legal description and a certified land survey of the Site, giving, as applicable, grades and lines of streets, alleys, pavements and adjoining property; rights-of-way, restrictions, easements, encroachments, zoning, deed restrictions, boundaries and contours of the Site; locations, dimensions, and complete data pertaining to existing buildings, other improvements, and trees; and full information concerning available service and utility lines, both public and private, above and below grade, including inverts and depths.

  • General specifications 6.1.1. A vehicle and its electrical/electronic system(s) or ESA(s) shall be so designed, constructed and fitted as to enable the vehicle, in normal conditions of use, to comply with the requirements of this Regulation.

  • Data Access Control Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage. Measures: • As part of the SAP Security Policy, Personal Data requires at least the same protection level as “confidential” information according to the SAP Information Classification standard. • Access to Personal Data is granted on a need-to-know basis. Personnel have access to the information that they require in order to fulfill their duty. SAP uses authorization concepts that document grant processes and assigned roles per account (user ID). All Customer Data is protected in accordance with the SAP Security Policy. • All production servers are operated in the Data Centers or in secure server rooms. Security measures that protect applications processing Personal Data are regularly checked. To this end, SAP conducts internal and external security checks and penetration tests on its IT systems. • SAP does not allow the installation of software that has not been approved by SAP. • An SAP security standard governs how data and data carriers are deleted or destroyed once they are no longer required.

  • General Description of Services The A-E will be contacted by COUNTY Project Management staff on an “as-needed” basis as projects arise to provide A-E for professional services. Requirements will be discussed by both Parties and A-E shall prepare a written Scope Statement that will include the specific work to be performed, including the costs and time required to complete the project/task. Orange COUNTY Project Management staff will then review the A-E’s Scope Statement, proceed with negotiation of task costs and when satisfied, issue a Contract Task Order (CTO) against this CONTRACT. The A-E shall serve as lead of a design team that may include other construction design professionals working together to ensure that the original design is carried through to the finished product, with no alterations in materials or design that would lead to safety issues or compromise the quality of the building or building component. Other team members who may be retained by the lead to support a project as a consultant may include but are not limited to landscape architects, lighting designers, data consultants, security consultants, controls engineers, commissioning consultants, traffic engineers, surveyors, estimators, special inspection, etc. The A-E shall be responsible for the preparation of comprehensive building assessments, designs, drawings, specifications, cost estimates, and reports within the scope of the Contract Task Order (CTO). In the preparation of construction drawings and specification, the A-E shall also be responsible for:

  • Project Location & Description The Project, for which the provision of financial assistance is the subject of this Agreement, is hereby described as follows:
