SERVICES

ACCESS CONTROL

  • Authorization specifies what a subject can do
  • Identification and authentication ensure that only legitimate subjects can log on to a system
  • Access approval grants access during operations, by association of users with the resources that they are allowed to access, based on the authorization policy
  • Accountability identifies what a subject (or all subjects associated with a user)