Access Control Fundamentals
In information security, access control is imperative to ensure confidentiality, integrity, and availability. Controlling who has access to a system and the breadth of access a user has is vital to ensure the security of systems and data on the systems. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.
7. Identification Authentication and Authorization
7.2. Identity Management
- Identity Management is a broad term that encompasses the use of different products to identify, authenticate, and authorize users through automated means.
- Identity management system is the management of the identity life cycle of entities (subjects or objects) during which:
- The identity is established as:
- a name (or number) is associated to the subject or object; and
- the identity is re-established: a new or additional name (or number) is connected to the subject or object;
- The identity is described as:
- one or more attributes which are applicable to this particular subject or object may be assigned to the identity; and
- the identity is newly described: one or more attributes which are applicable to this particular subject or object may be changed;
- The identity is destroyed.
- Identity Management Challenges
- Identity Management Technologies
- Authorization Principles