Computing Case Study



Computing Case Study

1. Produce a Use Case Diagram for the required new system for the optician's administrative system. Ans.Referring to Mr. Malik's plan The SHARE administration tool is used for adding authentication information for users and specifying access privileges of a user based on his/her role(s) within the organization and/or the group(s) he/she belongs to. It is also used to create and manage the roles, groups and other resources. This specification describes an administration tool that is powerful enough to manage almost any security policy. On the other hand the tool is fairly technical. It may to necessary to hide this complexity from novice users, perhaps by adding wizards for common administration functions. (Stringer, 2003)

Users within a system can be restricted access to resources according to their respective roles within the organization using Role-Based Access Control (RBAC). RBAC consists of three entities: user, role and permission, where user and role & role and permissions are many-to-many relationships, i.e., users are assigned roles and roles have permissions for the resources. A role in our system coincides with the real world designation of the person within the organization and is a long-term entity. Each person within the organization is assigned at least one role. When an administrator logs in, or by clicking the People tab, a list of individuals within the organization would be displayed from which an individual can be chosen to view, edit or delete. The ability to add a person is also provided. The following screenshot is an example. The following screenshot shows the page for adding a person. The page for editing a person's information would have the same layout. Most of the information entered in the above screenshot is self explanatory. The “Role(s)” and the “Group(s)” lists specify the roles and groups the person belongs to. All of this information, except for the “Password” attribute, would be entered into the LDAP server.

Figure 1

The “Id” and “Password” attributes would be used to create a new user entry in the Kerberos server. The “Allowed IPs” field allows the administrator to restrict a person's access based on the IP address he is using to login from. The administrator can specify multiple IP addresses or address ranges. The IP address ranges are used to specify a range of IP addresses using the /xx suffix, for example /8, /16 or /24, which would specify an address mask of 8, 16 or 24 bits. For example, in the above snapshot 192.168.20.0/24 means that the address mask applies to the left most significant 24 bits. Thus addresses from 192.168.2.0 to 192.168.2.255 are allowed by this IP address range. When a person performs a login, his IP address would be compared with all the allowed IP addresses by first applying the corresponding address masks (if any). If a match is successful, the person is allowed further access. The eye diagram is an oscilloscope display of a digital signal, repetitively sampled to get a good representation of its ...