Access control is “the process of granting or denying specific requests . . . ".
This process needs the following inputs:
• Who issued the request?
• What is requested?
• Which rules are applicable when deciding on the request?
“Who” in the First question is dangerous. The word suggests that requests always come from a person.
This is inaccurate for two reasons. First, the source of a request could be a particular machine, a machine in a particular configuration, or a particular program, e.g. a particular Android app. Secondly, at a technical level, requests in a machine are issued by a process, not by a person.
The question thus becomes, “for whom or what is the process speaking for when making the request?” “What is requested” is frequently given as a combination of an action to be performed and the object on which the action is to be performed. The rules are logical expressions that evaluate to a decision.
In the elementary case, the decision is permit or deny. When policies get more elaborate, there may be reasons for adding an indeterminate decision. A decision may also prescribe further actions to be performed, sometimes called obligations.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
30,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM
