Access control is a powerful tool to protect the entrance to an entire website, only certain specific directories or even individual files/programs. This control usually consists of two steps:
The authentication that identifies the user or machine. It identifies that the resources accessing by user or machine is protected or not.
Second is the assignment of rights, i.e. the authorization. It gives the user privileges to perform certain operations with the protected data, such as read, edit, create, etc.
We will generally discuss the access control and its necessity. We will also look at its possible two approaches as well as the consequences if it is not properly applied.
Discussion
Evolution of access control
Nobody can deny the new reality of a world on which is woven a network sprawl. To function effectively, all companies must share personal or confidential information, but they must also take responsibilities and ensure that information is effectively protected and used to good appropriately thereafter. Government agencies and companies that fail to comply the laws behind these standards may incur real consequences for example their reputations, have to comply with legal obligations and feel difficulty in obtaining information from citizens, customers and associates.
How then can companies effectively share information and comply with legal requirements while minimizing the risks of leaving sensitive information travel outside of their own networks and groups? Fortunately, solutions exist; the information exchange can be seen in the context of a problem access control that has evolved based on new assumptions:
Many companies may have access to information
The information can be accessed by external users or shared with these
Everyone may have to undergo many authorities. A new model based on governance responds effectively to these new assumptions. It's called the Access Control Governance (CAG). The access control methods have not kept pace with technological developments and societal recent years. The ubiquity of increasingly marked Internet and the increasing use of personal data impose the need to protect the information under legislation in full resurgence. E-government, the partnership between the public and the private, the terrorist threat and technological developments that can restructure systems and business processes push the exchange of information beyond the boundaries of firms and states.
Companies wishing to comply with seemingly conflicting exchange and protection of information are paralyzed by the traditional models of access control. This is because they fail to whether they violate the law, if they disclose information wrongly or if they are exposed to liability. The CAG is an essential method for the company that wants to share information while taking responsibility and managing risks. The AGC eliminates the fundamental challenge facing every company is now: how the right information to the right people for the right reasons without knowing the details? Faced with the rapid adoption of collaborative architectures based services that by their nature are inherently open and interoperable, it is imperative that companies trade and protect their information in accordance with the laws ...