Access control

Access control to an information system consists in associating access rights and/or resources with an entity (a person, a computer, …), thus allowing that entity to reach the desired resource with the right granted to it.

Access control can be logical and/or physical (password, card, key, biometrics, …), and gives the possibility of reaching:

  • physical resources: a building, a room,
  • or logical resources: a computing system, for example an operating system or a specific application.

Authentication, Authorization, Accounting

Access control to an information system is generally studied according to the AAA protocol (Authentication, Authorization, Accounting).

Authentication

This first phase consists in checking that the user really corresponds to the identity that is seeking to connect. The simplest method is to check the association between a password and an identifier, but more elaborate mechanisms can be used, such as a smart card, …

Authorization

This phase consists in checking that the now-authenticated user holds the rights necessary to reach the system. It is sometimes confused with the preceding phase on small systems, but on larger systems a user can be fully authenticated (e.g. a member of the company) and yet not have the privileges necessary to reach the system (e.g. a page reserved for managers).

Traceability

To fight against usurpation of rights, it is desirable to track accesses to the significant resources of the computer system (time of connection, follow-up of the actions performed, …).

Modes of access control

Access control to a resource of the information system is exercised in two modes:

A priori mode: this consists in auditing and configuring the access rights allotted to users (one speaks of "identity and entitlement management" or "Identity & Access Management").

A posteriori mode: this consists in checking the access rights allotted to users at the moment of access to the system.
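The three AAA phases above and the two control modes can be illustrated together in a small model. The following Python is an added example written for this article, not code from any real access control product: the user store, the rights table, the resource names "intranet/home" and "intranet/managers" (the "page reserved for managers"), and the sample users are all constructed for illustration. Rights are configured and reviewed ahead of time (a priori mode), while the access() function performs the authentication, authorization and accounting steps at the moment of access (a posteriori mode).

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# --- A priori mode: rights are configured ahead of time ------------------
# Constructed sample policy: which roles may reach which logical resource.
RIGHTS = {
    "intranet/home": {"employee", "manager"},
    "intranet/managers": {"manager"},   # the "page reserved for managers"
}

# Constructed user store: identifier -> salted password digest and roles.
USERS = {}

# Accounting record: one entry per access attempt (who, what, when, outcome).
AUDIT_LOG = []


def hash_password(password, salt=None):
    """Derive a salted PBKDF2-SHA256 digest; the password itself is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def register(user, password, roles):
    """A priori configuration: enrol a user with the roles allotted to them."""
    salt, digest = hash_password(password)
    USERS[user] = {"salt": salt, "digest": digest, "roles": set(roles)}


def authenticate(user, password):
    """Phase 1: does the caller prove the identity it claims?"""
    record = USERS.get(user)
    if record is None:
        hash_password(password, b"\x00" * 16)   # same cost whether or not the user exists
        return False
    _, digest = hash_password(password, record["salt"])
    return hmac.compare_digest(digest, record["digest"])   # constant-time comparison


def authorize(user, resource):
    """Phase 2: does the authenticated user hold a right to this resource?"""
    allowed = RIGHTS.get(resource, set())
    return bool(USERS[user]["roles"] & allowed)


def account(user, resource, outcome):
    """Phase 3: traceability, so that misuse of rights can be investigated later."""
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "resource": resource,
        "outcome": outcome,
    })


def access(user, password, resource):
    """A posteriori mode: the check made at the moment of access."""
    if not authenticate(user, password):
        account(user, resource, "denied: authentication failed")
        return "denied"
    if not authorize(user, resource):
        account(user, resource, "denied: not authorized")
        return "denied"
    account(user, resource, "granted")
    return "granted"


def review_entitlements():
    """A priori audit: for each resource, which users could reach it right now."""
    return {
        resource: {u for u, rec in USERS.items() if rec["roles"] & roles}
        for resource, roles in RIGHTS.items()
    }


# Constructed sample users: an ordinary employee and a manager.
register("alice", "correct horse", {"employee"})
register("bob", "battery staple", {"employee", "manager"})

if __name__ == "__main__":
    print(access("alice", "correct horse", "intranet/home"))       # granted
    print(access("alice", "correct horse", "intranet/managers"))   # denied
    print(access("bob", "battery staple", "intranet/managers"))    # granted
    print(review_entitlements())
    for entry in AUDIT_LOG:
        print(entry)
```

Note that alice is fully authenticated yet denied the managers' page, which is exactly the distinction the Authorization section draws; every attempt, granted or denied, leaves an accounting entry; and review_entitlements() answers the a priori question "who can reach what" without any access taking place.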

Examples of application

French companies

French law requires that the databases of the different access control systems be kept separate, in particular between the physical access control system for certain “significant” parts of a building and the system recording employees' presence in the company. Companies that break this rule of separation, inadvertently or by calculation, are condemned to heavy fines each time.

Physical access control using biometrics is starting to develop, but it, too, is closely supervised by the CNIL. Other types of access control rely in particular on RFID.

La Poste

La Poste developed a physical access control system named Vigik, which makes it possible to do away with the master keys previously used to enter residential buildings. Manufacturers of access control systems for residential dwellings use the same reader antenna for the residents' non-Vigik badges, so that one reader serves two different uses: the Vigik function, used by the postal services, EDF-GDF, Générale des Eaux, France Télécom and any other operator wishing to become a Vigik provider, plus access control for the residents' badges.

Appendices

See also

External links

  • Liberty Alliance: this project tries to define a system of interoperability between protection systems of the Web-SSO type.
