I am a Security Access Control Expert.
ACL is a requirement internationally for Sarbanes-Oxley and HIPAA.
Access Control is any mechanism by which a system grants or revokes the right to access some data, or perform some action. Normally, a user must first Login to a system, using some Authentication system. Next, the Access Control mechanism controls what operations the user may or may not make by comparing the User ID to an Access Control database.
Access Control systems include:
File permissions, such as create, read, edit or delete on a file server.
Program permissions, such as the right to execute a program on an application server.
Data rights, such as the right to retrieve or update information in a database.
Definition of Single Sign-On
A Single Sign-On system is a set of software components, usually distributed over a network, which allow a user to log into his workstation once, and thereafter start applications and network Login Sessions without any further Authentication. The initial Login may be carried out using Credentials, such as a User ID and Password, or another technology, such as a Public Key Infrastructure or a Smart Card.
A Single Sign-On system normally works as follows:
The user logs into his workstation.
A component of the Single Sign-On system installed on the workstation intercepts and stores the user's Credentials.
The Single Sign-On software displays a menu listing applications that the user may access.
The user selects a menu option or icon to start an application.
The Single Sign-On software retrieves the user's Credentials for the application from a central database. The Credentials used by this user to log into the workstation in the first place are normally used to access the central database.
A script is used to launch the application, and type the user's User ID and Password into it automatically.
This technology addresses some common support problems:
Users tend to forget their passwords. With Single Sign-On, they only actively use one password, so are less likely to forget it.
Users don't like to enter their Credentials multiple times.
Unfortunately, this technology also has some deployment and security problems:
The Password server is an attractive target for Intruders, since it contains Plaintext or decryptable Credentials for many users and systems.
If the Password server is damaged, then many applications become unavailable. This constitutes a major Denial of Service problem.
Scripts used to launch applications are quite fragile.
The entire system is complex and difficult to install.
The software tends to be quite expensive.
An alternative technology, which resolves some of the same issues, but is not subject to the same problems, is Password Synchronization.
Single sign on is
2006-08-30 08:51:34 · answer #1 · answered by god knows and sees else Yahoo 6
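The following Python model is an added example, not part of the original answer. It follows the Single Sign-On flow described above to show why the central credential database must hold decryptable credentials and why its outage blocks every application. `CredentialVault`, `launch_all` and the sample accounts are hypothetical, and the HMAC keystream is a stand-in for a real authenticated cipher.

```python
import hashlib, hmac, os
# Constructed sample data; every name and password here is hypothetical.
SAMPLE_APPS = {"payroll": ("jdoe", "Pay!roll-77"), "mail": ("john.doe", "m@il-pass")}

def derive_keys(password, salt):
    # Keys derive from the workstation password, which also unlocks the vault.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return dk[:32], dk[32:]  # (encryption key, MAC key)

def xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream); a real vault would use an AEAD.
    pad = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(b ^ p for b, p in zip(data, pad))

class CredentialVault:
    """Hypothetical model of the central credential database."""
    def __init__(self):
        self.online, self.records = True, {}  # records: user -> (salt, sealed)

    def enroll(self, user, master_pw, app_creds):
        salt = os.urandom(16)
        enc, mac = derive_keys(master_pw, salt)
        sealed = {}
        for app, (login, app_pw) in app_creds.items():
            nonce = os.urandom(16)
            blob = xor_stream(enc, nonce, app_pw.encode())
            tag = hmac.new(mac, nonce + blob, hashlib.sha256).digest()
            sealed[app] = (login, nonce, blob, tag)
        self.records[user] = (salt, sealed)

    def fetch(self, user, master_pw, app):
        if not self.online:
            raise ConnectionError("credential vault unreachable")
        salt, sealed = self.records[user]
        login, nonce, blob, tag = sealed[app]
        enc, mac = derive_keys(master_pw, salt)
        if not hmac.compare_digest(tag, hmac.new(mac, nonce + blob, hashlib.sha256).digest()):
            raise PermissionError("wrong workstation password")
        return login, xor_stream(enc, nonce, blob).decode()  # plaintext to replay

def launch_all(vault, user, master_pw, apps):
    """Fetch credentials for every app; record the failure type when a fetch fails."""
    results = {}
    for app in apps:
        try:
            results[app] = vault.fetch(user, master_pw, app)
        except (ConnectionError, PermissionError) as exc:
            results[app] = type(exc).__name__
    return results
```

Because the launch script has to type each application password, the vault cannot store one-way hashes: every record is recoverable by whoever holds the workstation password, and setting `online` to `False` fails every application at once.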