Overview#

Access Control or Privilege Management is the process of determining Authorization for Access to a Resource.

Access Control is the process of determining whether a Permission has been Authorized by a Trustor to a Trustee.

Access Control is most concerned with controlling access to a Protected Resource and limiting Risk.

The action of Access Control is referred to as Resource Provisioning and includes Access Management.

Typically Access Control involves an authority (Trustor) who does the controlling.

Access Control Models define various methods of Access Control.

Access Authority is an Authoritative Entity responsible for monitoring and granting access privileges for other authorized entities.

Access Control Examples#

The Protected Resource could be a given building, group of buildings, or computer-based information system. But it can also refer to a restroom stall where access is controlled by using a coin to open the door.

Access Control is the means by which the ability is explicitly enabled or restricted through physical and system-based controls.[1]

Access Control Process#

Access Control is defined within a Policy and enforced by a Policy Enforcement Point, based on the decision from the Policy Decision Point, which has acquired information from the Policy Information Point.

Logical Access Control #

The term Logical Access Control originated as a counter to Physical Access Control.

Access Control is typically enforced by a low-level implementation within the particular application or system.

In an ACL-based security model, when a Subject requests an operation on a Resource, the system first checks the ACL for an applicable entry in order to decide whether the requested operation is authorized.
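The ACL lookup above, placed inside the Policy Enforcement Point / Policy Decision Point / Policy Information Point flow from the Access Control Process section, as an added example that is not part of the original page. The entry names, group data, "explicit deny wins" ordering and default-deny fallback are assumptions chosen for illustration; real ACL models differ in how they evaluate entries.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    subject: str    # a user name or "group:<name>"
    operation: str  # e.g. "read", "write"
    allow: bool     # True = allow entry, False = deny entry


# Constructed sample data: per-Resource ACLs and group membership.
ACLS = {
    "cn=payroll,dc=example,dc=com": [
        AclEntry("group:contractors", "read", False),
        AclEntry("group:hr", "read", True),
        AclEntry("alice", "write", True),
    ],
}
GROUPS = {"alice": {"hr"}, "bob": {"hr", "contractors"}, "carol": set()}


def pip_subject_identities(subject):
    """Policy Information Point: every identity the Subject can match as."""
    return {subject} | {f"group:{g}" for g in GROUPS.get(subject, set())}


def pdp_decide(subject, operation, resource):
    """Policy Decision Point: check the ACL for applicable entries.

    Assumed evaluation order: an explicit deny wins over any allow, and a
    request with no applicable entry is denied (default deny).
    """
    identities = pip_subject_identities(subject)
    applicable = [e for e in ACLS.get(resource, [])
                  if e.subject in identities and e.operation == operation]
    if any(not e.allow for e in applicable):
        return "deny"
    return "permit" if applicable else "deny"


def pep_enforce(subject, operation, resource, action):
    """Policy Enforcement Point: run the action only on a permit decision."""
    if pdp_decide(subject, operation, resource) != "permit":
        raise PermissionError(f"{subject} may not {operation} {resource}")
    return action()
```

Keeping the decision in `pdp_decide` and the gate in `pep_enforce` means the operation cannot run unless the decision function was consulted, and a Resource with no ACL at all is denied rather than left open.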

Access Control Models #

There are many Access Control Models for implementation of Access Control.

LDAP servers#

For an LDAP server, Access Control provides a mechanism for restricting who can get access to various kinds of information in the DIT.

The Access Control provider may be used to control a number of things, including:

A number of things can be taken into account when making Access Control decisions, including:

See the documentation for details on the Access Control syntax used by the LDAP Server Implementation vendor.

Privilege#

In addition to the Access Control subsystem, some implementations (OpenDS is one we are aware of) also provide a Privilege Management Infrastructure that can be used to control what a user will be allowed to do. One of the privileges available is the "bypass-acl" privilege, which can be used to allow that DUA to bypass any restrictions that the Access Control subsystem would otherwise enforce.

WEB Access Management#

WEB Access Management products are Access Control products that are specific to WEB Access Control.

More Information#

There might be more information for this subject on one of the following:
[#1] Loosely adapted from http://en.wikipedia.org/wiki/Access_control - 2012-09-30

« This page (revision-42) was last changed on 16-Apr-2017 09:32 by jim