Overview
Access Control, or Privilege Management, is the process of determining Authorization for Access to a Resource.
Typically, Access Control involves an authority (the Trustor) that does the controlling.
Access Control Models define the various methods of Access Control. A Protected Resource could be a building, a group of buildings, or a computer-based information system, but it can also be a restroom stall where access is controlled by using a coin to open the door.
Access Control is the means by which the ability to access a resource is explicitly enabled or restricted through physical and system-based controls.
Access Control Process
Access Control is defined within a Policy and enforced by a Policy Enforcement Point, based on the decision of the Policy Decision Point, which in turn has acquired the information it needs from a Policy Information Point. The term Logical Access Control originated as a counterpart to Physical Access Control.
In practice, Access Control is typically enforced by a low-level implementation within the particular application or system.
In an ACL-based security model, when a Subject requests an operation on a Resource, the system first checks the ACL for an applicable entry in order to decide whether the requested operation is authorized. See Access Control Models for the ways in which Access Control can be implemented.
In an LDAP server, Access Control provides a mechanism for restricting who can get access to various kinds of information in the DIT.
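The following is an added example, written for this page and not taken from any product, that puts the three roles above into code: a Policy Enforcement Point intercepts each request and forwards it to a Policy Decision Point, which pulls group membership and the resource's ACL from a Policy Information Point and evaluates the ACL first-match, with no matching entry meaning Deny. The subjects, groups, resources and ACL entries are constructed; the first-match and default-deny semantics are choices made for the example.

```python
"""PEP / PDP / PIP flow in front of an ACL-protected resource.

Model written for this page (not from any product): the ACL is a list of
entries evaluated first-match, no applicable entry means Deny, and the PIP
supplies group membership and per-resource ACLs. All data is constructed.
"""
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    PERMIT = "Permit"
    DENY = "Deny"


@dataclass(frozen=True)
class AccessControlEntry:
    """One ACL entry: a principal (subject id or "group:<name>"),
    the operations it covers, and whether it permits or denies them."""
    principal: str
    operations: frozenset
    effect: Decision


@dataclass
class PolicyInformationPoint:
    """Holds the attributes the PDP asks for: who is in which group,
    and which ACL protects which resource."""
    groups: dict = field(default_factory=dict)   # subject -> set of groups
    acls: dict = field(default_factory=dict)     # resource -> [ACE, ...]

    def groups_of(self, subject):
        return self.groups.get(subject, set())

    def acl_for(self, resource):
        return self.acls.get(resource, [])


class PolicyDecisionPoint:
    """Decides, never enforces: first applicable ACE wins; default Deny."""

    def __init__(self, pip):
        self.pip = pip

    def decide(self, subject, operation, resource):
        principals = {subject} | {f"group:{g}" for g in self.pip.groups_of(subject)}
        for ace in self.pip.acl_for(resource):
            if ace.principal in principals and operation in ace.operations:
                return ace.effect
        return Decision.DENY


class PolicyEnforcementPoint:
    """Intercepts every request, asks the PDP, records the outcome, and only
    lets the operation reach the resource on Permit."""

    def __init__(self, pdp):
        self.pdp = pdp
        self.audit = []   # (subject, operation, resource, decision)

    def request(self, subject, operation, resource):
        decision = self.pdp.decide(subject, operation, resource)
        self.audit.append((subject, operation, resource, decision.value))
        if decision is Decision.PERMIT:
            return f"{operation} {resource}: performed for {subject}"
        raise PermissionError(f"{subject} may not {operation} {resource}")


def build_pip():
    """Constructed sample data. Note the ordering on payroll.xlsx: bob's
    explicit deny is listed before the hr group's allow, so it wins for him."""
    return PolicyInformationPoint(
        groups={"alice": {"hr"}, "bob": {"hr", "eng"}},
        acls={
            "payroll.xlsx": [
                AccessControlEntry("bob", frozenset({"read"}), Decision.DENY),
                AccessControlEntry("group:hr", frozenset({"read", "write"}), Decision.PERMIT),
            ],
            "wiki": [
                AccessControlEntry("group:eng", frozenset({"read", "write"}), Decision.PERMIT),
                AccessControlEntry("group:hr", frozenset({"read"}), Decision.PERMIT),
            ],
        },
    )


if __name__ == "__main__":
    pep = PolicyEnforcementPoint(PolicyDecisionPoint(build_pip()))
    for subject, op, res in [("alice", "read", "payroll.xlsx"),
                             ("bob", "read", "payroll.xlsx"),
                             ("bob", "write", "payroll.xlsx"),
                             ("carol", "read", "wiki")]:
        try:
            print(pep.request(subject, op, res))
        except PermissionError as exc:
            print("denied:", exc)
```

The separation matters operationally: the PEP is the only component that touches the resource, so it must treat anything other than an explicit Permit as a refusal, and the audit trail is written at the PEP regardless of outcome. The ordering example on payroll.xlsx shows why an ACL's evaluation order is part of the policy, not an implementation detail: with the same two entries in the opposite order, bob's group membership would grant him read.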
The Access Control provider may be used to control a number of things, including:
- Whether or not a DUA can retrieve an LDAP Entry from the DIT.
- Which attributes within the LDAP Entry the DUA is allowed to retrieve.
- Which values of an attribute the DUA is allowed to retrieve.
- The ways in which the DUA is able to manipulate the DIB of the directory.
A number of things can be taken into account when making Access Control decisions, including:
- The DN as which the user is authenticated.
- The Authentication Method by which the client authenticated to the DSA.
- Any groups in which that user is a member.
- The contents of the authenticated user's LDAP Entry.
- The contents of the Target Resource LDAP Entry.
- The address of the DUA system.
- Whether or not the communication between the client and server is secure.
- The time of day and/or day of week of the attempt.
See the documentation for details on the Access Control syntax used by the LDAP Server Implementation vendor. OpenDS, for one, also provides a Privilege Management Infrastructure that can be used to control what a user is allowed to do. One of the privileges available is the "bypass-acl" privilege, which allows a DUA to bypass any restrictions that the Access Control subsystem would otherwise enforce. WEB Access Management products are Access Control products specific to WEB Access Control.
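To make the two lists above concrete, here is an added example that models LDAP-style access control decisions at entry and attribute level. It is written for this page and is not OpenDS's or any other vendor's ACI syntax or evaluation order; the directory, DNs, rules, network ranges and times are constructed. Each rule carries bind conditions on the bind DN, group membership (read from the group entry's member attribute), authentication method, client address, whether the connection is secure, and the hour and weekday of the attempt, and a "bypass-acl" privilege on the bind context skips rule evaluation entirely.

```python
"""Entry- and attribute-level LDAP access control decisions, as a model.

Written for this page; not any vendor's ACI syntax or evaluation order.
A rule applies only if all of its bind conditions hold; an applicable
deny beats any allow; "bypass-acl" skips rules. All data is constructed.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime
import ipaddress

PEOPLE = "ou=people,dc=example,dc=com"
ALICE, BOB = f"uid=alice,{PEOPLE}", f"uid=bob,{PEOPLE}"
HR_GROUP = "cn=hr,ou=groups,dc=example,dc=com"

# Constructed DIT: DN -> attributes. Membership comes from the group entry.
DIRECTORY = {
    ALICE: {"cn": ["Alice"], "mail": ["alice@example.com"],
            "userPassword": ["{SSHA}constructed"], "salary": ["100"]},
    BOB: {"cn": ["Bob"], "mail": ["bob@example.com"],
          "userPassword": ["{SSHA}constructed"], "salary": ["90"]},
    HR_GROUP: {"member": [BOB]},
}


@dataclass(frozen=True)
class BindContext:
    """What the DSA knows about the DUA when evaluating a request."""
    bind_dn: str | None          # None = anonymous
    auth_method: str             # "anonymous", "simple" or "sasl"
    client_ip: str
    secure: bool                 # connection protected by TLS?
    when: datetime
    privileges: frozenset = frozenset()


@dataclass(frozen=True)
class Rule:
    """One access rule; target_attrs=None covers the whole entry."""
    name: str
    allow: bool
    rights: frozenset
    target_attrs: frozenset | None = None
    userdn: str | None = None           # "anyone", "self" or an exact DN
    groupdn: str | None = None
    authmethod: str | None = None
    ip_network: str | None = None
    require_secure: bool = False
    hours: tuple | None = None          # (first_hour, last_hour), inclusive
    weekdays: frozenset | None = None   # 0 = Monday ... 6 = Sunday

    def binds(self, ctx: BindContext, target_dn: str) -> bool:
        """Every bind condition that is set must hold."""
        wanted_dn = target_dn if self.userdn == "self" else self.userdn
        members = DIRECTORY.get(self.groupdn, {}).get("member", [])
        return all([
            self.userdn in (None, "anyone") or ctx.bind_dn == wanted_dn,
            self.groupdn is None or ctx.bind_dn in members,
            self.authmethod is None or ctx.auth_method == self.authmethod,
            self.ip_network is None
            or ipaddress.ip_address(ctx.client_ip) in ipaddress.ip_network(self.ip_network),
            ctx.secure or not self.require_secure,
            self.hours is None or self.hours[0] <= ctx.when.hour <= self.hours[1],
            self.weekdays is None or ctx.when.weekday() in self.weekdays,
        ])


RULES = [
    Rule("anyone reads cn and mail", True, frozenset({"read"}),
         frozenset({"cn", "mail"}), userdn="anyone"),
    Rule("self changes own password, TLS only", True, frozenset({"write"}),
         frozenset({"userPassword"}), userdn="self", require_secure=True),
    Rule("hr reads salary from office network in office hours", True,
         frozenset({"read"}), frozenset({"salary"}), groupdn=HR_GROUP,
         ip_network="10.0.0.0/8", hours=(8, 17), weekdays=frozenset(range(5))),
    Rule("password hashes are never readable", False, frozenset({"read"}),
         frozenset({"userPassword"}), userdn="anyone"),
]


def permitted(ctx: BindContext, target_dn: str, attr: str, right: str) -> bool:
    """bypass-acl short-circuits; otherwise deny beats allow; no match = deny."""
    if "bypass-acl" in ctx.privileges:
        return True
    applicable = [r for r in RULES
                  if right in r.rights
                  and (r.target_attrs is None or attr in r.target_attrs)
                  and r.binds(ctx, target_dn)]
    if any(not r.allow for r in applicable):
        return False
    return any(r.allow for r in applicable)


def visible_entry(ctx: BindContext, target_dn: str) -> dict | None:
    """Attributes a search returns for the entry; None means no attribute
    is readable, so the entry itself is not disclosed."""
    entry = DIRECTORY[target_dn]
    shown = {a: v for a, v in entry.items() if permitted(ctx, target_dn, a, "read")}
    return shown or None


def bind(bind_dn, client_ip, secure, when="2024-01-10T10:00",
         auth_method="simple", privileges=()):
    """Convenience constructor; the default time is a Wednesday morning."""
    return BindContext(bind_dn, auth_method, client_ip, secure,
                       datetime.fromisoformat(when), frozenset(privileges))
```

Two points are worth noticing in the model. First, attribute-level filtering is what turns "can the DUA retrieve the entry" into a derived question: an anonymous search of the hr group entry returns nothing because no rule exposes its member attribute, so the entry is effectively invisible. Second, bypass-acl sits above the whole rule set, which is exactly why such a privilege should be granted to as few accounts as possible and its use logged: holders see password hashes and salaries that every rule denies to everyone else.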
More Information
There might be more information for this subject on one of the following:
- API Management
- Access Control Entry
- Access Control List
- Access Control Models
- Adaptive Policy-based Access Management
- Best Practices for LDAP Security
- Context Based Access Control
- Cross-site scripting
- Digital Context
- Discretionary Access Control
- Enterprise Directory
- Glossary Of LDAP And Directory Terminology
- Graded Authentication
- ISO 10181-3
- Identity Lifecycle Management
- Identity Management
- Identity and Access Management
- Java Authentication and Authorization Service
- LDAP Authentication
- Life Management Platform
- NAM Access Manager
- OAuth Scope Example
- Object ACL
- Oracle Access Manager
- Password Administrator
- Password Policy Administrator
- Payment Card Industry Data Security Standard
- Privilege Management
- Real Risk
- Resource Provisioning
- SOC 2
- Sensitive But Unclassified
- Vendor Relationship Management
- WEB Access Management
- Web Blog_blogentry_010117_1
- Web Blog_blogentry_010317_1
[#1] Loosely adapted from http://en.wikipedia.org/wiki/Access_control - 2012-09-30