Discuss the four parts of access control authorization ident

Discuss the four parts of access control (authorization, identification, authentication, accountibality). include an explanation of the various authentication types (knowledge, ownership, characterstics) in your discussion.

Solution

Access control related to security. It is basically transfer of information between an user or system1 with the other systems and resources. Here the user like program request to access the data from a resource which contain the data like Database. There are four parts of access control which will be discussed one by one.

The first part is identification. Whenever information is required users have to perform this step first to retrive information from resources. It has three properties- Scope, locality and uniquness of IDs. In case of identification name spaces can be differ. It may be a local or global scope. We are all familiar with E-mail. Now among a group of friends the name of one person is Subham and subhamdatta@yahoo.com refers to a particular that person in that particular group as there exists only one person with this name in that group\'s locality. At the same time if there is no person on that group whose name is Subham then no one then can\'t refer subhamdatta@yahoo.com as one of there group member Subham as Subham is not globally decleared and refers to the other person with different locality.

Next is authentication. It checks the authenticity of the identity declared at the first satge that is identification stage. Authentication is a stage that proves the subjects identity. There are three ways of authentication these are knowledge that is what you know, ownership that is what you have, and characterstics that is what you are.

In the first phase that is knowledge phase it includes passwords, secret codes, PIN\'s etc. The main thing in this stage is if u already know something that your friend\'s name is Subham that that person\'s name must be Subham. The advantage of this stage is that it is very easy to implement and its implementation cost is also low. But it can\'t be considered as a strong authentication technique.

In the second phase that is ownership phase. It is most widely used and it uses the method of keys. The main point in this phase is that if you possess some kind of token, you are the individual you are claiming to be. It is costly beacuase it contains an additional cost that is  inherent per-user cost. But it is better then the previous method.

Next phase is characteristics. It includes biometric methods. Biometric method involves the characteristics or behaviour of the human being which is used to identify and distinguish from one another. We can use various techniques under biometric method like voice recognizer, eye scan, finger print scan etc.

Next stage under access control is authorization which is a meyhod that controls the access of the information between users and resources. It can be alternatively said as rights or premissions to the users that dictates their limitation and what they can do on system. It includes various security policies. The main work of this stage is to allow the access of those users who has permission and prevent those users who has no sufficient rights to access the resources. Another improtant work is that it can give the permission to the user depending on the identity of the users.

Accountibality is another very improtant stage of access control. A system or resources that doesn\'t provide accountibality can\'t be think as secure. It is very improtant principle of information security. The main work is to establish responsibility for actions and the posibility of tracking actions etc. Logs and trails are mainly contain accountibality.