Capability (Identity & Security)
- DAC - Discretionary Access Control (DAC) is a scheme where the actor can influence policies within its assigned scope. A typical example is allowing read access to "others" by the owner of a UNIX file. It is normally (but not necessarily) the opposite of MAC. 🌐
- Directory Service - A directory service typically provides a user/password database together with authentication and authorisation capabilities. Most implementations are wire-compatible with the LDAP protocol. 🌐
- IdP - An Identity Provider (IdP) is typically a trusted provider that lets users authenticate using single sign-on (SSO). 🌐
- Identity Federation - Identity Federation allows a user's single authentication ticket, or token, to be trusted across multiple IT systems or organisations. It is normally a capability required by SSO in complex multi-site deployments. 🌐
- MAC - Mandatory Access Control (MAC) constrains the ability of an actor to access or perform an action against a given object. It is the opposite of DAC. 🌐
- OAuth - The OAuth authorisation framework enables third-party applications to obtain limited access to a web service. 🌐
- PDP - A Policy Decision Point (PDP) is a system entity that makes authorisation decisions for itself or for other system entities that request such decisions. 🌐
- PEP - A Policy Enforcement Point (PEP) is a network device on which policy decisions are carried out or enforced. 🌐
- RBAC - Role-Based Access Control (RBAC) allows restricting system access to authorised users. It is a policy-neutral mechanism based on the concepts of roles and privileges. 🌐
- SSO - Single Sign-On (SSO) allows a user to log in with a single ID and password to gain access to any of several related systems. It enhances usability by reducing password fatigue. 🌐