Access Control 32
Access Control 32 : Computer Security: In a capability-based model, holding an unforgettable reference or capability to an object provides access to the object (roughly analogous to how possession of your house key grants you access to your house); access is conveyed to another party by transmitting such a capability over a secure channel. In an ACL-based model, a subject's access to an object depends on whether its identity is on a list associated with the object (roughly analogous to how a bouncer at a private party would check your ID to see if your name is on the guest list); access is conveyed by editing the list. (Different ACL systems have a variety of different conventions regarding who or what is responsible for editing the list and how it is edited). Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject). Access control systems provide the essential services of authorization, identification and authentication (I&A), access approval, and accountability where: (a) authorization is to specify what a subject can do; (b) identification and authentication enforces that only legitimate subjects can log on to a system; (c) access approval is to grant access during operations, by association of users with the resources that they are allowed to access based on the authorization policy; (d) accountability identifies what a subject (or all subjects associated with a user) did
No records Found