Identity and Access Management - Part III Access Management
In past few days a lot of discussions and past memories have resurfaced that has helped me bring together my ideas on the Access management piece of the Identity Access Management. So this is an attempt at putting together all those thoughts and ideas that I have heard from other people and some that I understood. See these locations for more details
Tutorial of American National Standard on Role Back Access Control
Types of Access Control
SACMAT
TISSEC (search for access control)
What is Access Control Access Control is the mechanism by which a resource / object manager restricts the actions / operations that an identified user or Subject (including anonymous users) can perform on a resource or object based on predefined policy.
Based on this simple definition we can see that following are the basic components of Access Control
Subject The person, process, any physical or logical entity or group of entity who can be identified uniquely in a Access Control system / dom...