Question

How to enforce access and usage control policies for different types of authentication?

Context

In general, access and usage control of data are governed by policies that define who may do what under which circumstances. Ensuring that users actually respect what a policy defines is, however, a challenge. For example, if a policy states that a user must notify the data owner before accessing or using the data, there is an obligation to ensure that the notification message reaches the data owner before the data is released or made accessible to the user.

Solution

The key to policy enforcement is a policy enforcement point (PEP) acting as the intermediary between the policy decision point (PDP) and the client application. The PEP forwards the client's request to the PDP and retrieves the access and usage control decision from it. The PEP is also responsible for enforcing the policy, which includes executing any obligations attached to the decision when required.
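As an added illustration (not code from the page), a minimal PEP/PDP pair in Python: the PDP returns a permit/deny decision together with the obligations attached to it, and the PEP fulfils each obligation, here notifying the data owner, before any data is released, refusing access if an obligation cannot be met. The policy table, resource names, users and the in-memory "outbox" that models reachable owners are all constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed policy: owner, permitted readers and obligations per resource.
POLICY = {
    "report.pdf": {"owner": "alice", "readers": {"bob"}, "obligations": ["notify_owner"]},
    "notes.txt": {"owner": "carol", "readers": {"bob", "dave"}, "obligations": []},
}

@dataclass
class Decision:
    permit: bool
    obligations: list = field(default_factory=list)

def pdp_evaluate(subject, action, resource):
    """Policy decision point: returns Permit/Deny plus the obligations the PEP must fulfil."""
    rule = POLICY.get(resource)
    if rule is None or action != "read" or subject not in rule["readers"]:
        return Decision(False)
    return Decision(True, list(rule["obligations"]))

def notify_owner(subject, resource, outbox):
    """Obligation handler: deliver a notification to the data owner.
    'outbox' maps reachable owners to their received messages; an owner that is
    not reachable means the obligation is NOT met, so the PEP must not release data."""
    owner = POLICY[resource]["owner"]
    if owner not in outbox:
        return False
    outbox[owner].append(f"{subject} is accessing {resource}")
    return True

OBLIGATION_HANDLERS = {"notify_owner": notify_owner}

def pep_request(subject, action, resource, data_store, outbox):
    """Policy enforcement point: ask the PDP, fulfil obligations first, then release.
    Returns (data or None, reason). Fails closed on deny, on an obligation that
    cannot be fulfilled, or on an obligation the PEP has no handler for."""
    decision = pdp_evaluate(subject, action, resource)
    if not decision.permit:
        return None, "deny"
    for obligation in decision.obligations:
        handler = OBLIGATION_HANDLERS.get(obligation)
        if handler is None or not handler(subject, resource, outbox):
            return None, f"obligation failed: {obligation}"
    return data_store[resource], "permit"
```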
