Access Control

Access control systems manage the identification, authentication, access approval (authorization) and accountability of entities through login credentials, including passwords, PINs or biometric scans, and physical or electronic keys.

Access control to an information system is generally studied according to the AAA protocol (Authentication, Authorization, Accounting).

  • Authentication
    This first phase consists in verifying that the user really corresponds to the identity under which they are trying to connect. The simplest check is an association between an identifier and a password, but more sophisticated mechanisms can be used, such as smart cards, ...
  • Authorization
    This phase consists in verifying that the now authenticated user has the rights needed to access the resource. On small systems it is sometimes confused with the previous phase, but on larger systems a user can be fully authenticated (ex: a member of the company) yet lack the privileges required for a given resource (ex: a page reserved for managers).
  • Traceability (accounting)
    To fight against usurpation of rights, it is desirable to keep track of accesses to sensitive computer resources (time of connection, record of the actions performed, ...).
  • Access control modes
    Control of access to an information system resource is exercised according to two modes:
    • A priori mode
      This consists of auditing and configuring the access rights assigned to users before any access takes place (this is referred to as "Identity and Access Management", IAM).
    • A posteriori mode
      This consists of checking the access rights assigned to users at the moment they access the system.
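As an added illustration (not part of the original page), a minimal Python gate that implements the three AAA phases and both control modes: a salted PBKDF2 password check (authentication), a role check against the resource (authorization), an audit trail of every attempt (traceability), and a review of role assignments (a priori control). User names, passwords, resources and roles are constructed sample data.

```python
import hashlib, hmac, os, time

def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked directory does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, roles: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "roles": set(roles)}

# Constructed sample directory: in a real system this comes from an IAM store.
USERS = {
    "alice": make_user("correct horse", {"employee", "manager"}),
    "bob": make_user("battery staple", {"employee"}),
}
# Resource -> role required to reach it (the "page reserved for managers" case).
REQUIRED_ROLE = {"/intranet": "employee", "/managers": "manager"}
AUDIT_LOG = []  # accounting: one record per access attempt, granted or not

def authenticate(user: str, password: str) -> bool:
    """Phase 1: does the presented secret match the claimed identity?"""
    rec = USERS.get(user)
    if rec is None:
        # Hash anyway so an unknown user name takes as long as a wrong password.
        _hash_password(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_hash_password(password, rec["salt"]), rec["hash"])

def authorize(user: str, resource: str) -> bool:
    """Phase 2: does the authenticated identity hold the role the resource needs?"""
    needed = REQUIRED_ROLE.get(resource)
    return needed is not None and needed in USERS[user]["roles"]

def access(user: str, password: str, resource: str) -> bool:
    """A posteriori control: all three phases evaluated at the moment of access."""
    authn = authenticate(user, password)
    authz = authn and authorize(user, resource)
    # Phase 3: record who tried what, when, and the outcome, so that misuse of
    # rights (including repeated denials) can be traced afterwards.
    AUDIT_LOG.append({"ts": time.time(), "user": user, "resource": resource,
                      "authenticated": authn, "granted": authz})
    return authz

def review_assignments(role: str) -> list:
    """A priori control: who currently holds a role, for periodic IAM review."""
    return sorted(u for u, rec in USERS.items() if role in rec["roles"])
```

Denied attempts are logged with the same detail as granted ones; an audit trail that records only successes cannot show an attempted usurpation of rights.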
