Before turning to the available database-oriented solutions, it is necessary to go through the theoretical definition of Access Management and its basic design as developed by Lampson. The researcher will then present the most significant Access Management methods, such as DAC, MAC, RBAC, XACML and the Hippocratic database.
Chong (2004) defines Identity and Access Management (I&AM) as follows:
"Identity and access management refers to the processes, technologies and policies for managing digital identities and controlling how identities can be used to access resources."
From the above definition it can be noted that:
• I&AM is not just about technology, but rather, is comprised of three indispensable elements: policies, processes and technologies. Policies refer to the constraints and standards that need to be followed in order to comply with regulations and business best practices; processes describe the sequences of steps that lead to the completion of business tasks or functions; technologies are the automated tools that help accomplish business goals more efficiently and accurately while meeting the constraints and guidelines specified in the policies.
• The relationships between elements of I&AM can be represented by the triangle illustrated in Figure 6. Of significant interest is the fact that there is a feedback loop that links all three elements together. The lengths of the edges represent the proportions of the elements relative to one another in a given I&AM system. Varying the proportion of one element will ultimately vary the proportion of one or more other elements in order to maintain the shape of a triangle with a sweet spot (shown as an intersection in the triangle).
• The triangle analogy is perfect for describing the relationships and interactions of policies, processes and technologies in a healthy I&AM system as well. Every organisation is different and the right mix of technologies, policies and processes for one company may not necessarily be the right balance for a different company. Therefore, each organisation needs to find its own balance represented by the uniqueness of its triangle.
Figure 6: Essential elements of an identity and access management system (Chong 2004).
All the information represented in the previous section is usually stored in databases. Databases traditionally have access control mechanisms associated with them. So in order to discuss any of the database-oriented solutions, it should be emphasised that all of them should have the essential elements of the triangle above. And in order to know how each subject and object acts on the processes and policies of the previous triangle, Lampson's model should be explained.
In Computer Science, an Access Control Matrix or Access Matrix is an abstract, formal security model of protection state in computer systems that characterises the rights of each subject with respect to every object in the system. It was first introduced by Lampson (1971).
In his model, Lampson defines security to be the prevention and detection of unauthorised actions on information. He splits them into two important cases:
– An attacker has access to the raw bits representing the information;
– In this case cryptographic techniques are needed;
– There is a software layer between the attacker and the information and thus there is a need for access control techniques.
Figure 7: General Access Control Model (Lampson’s model (Lampson and Butler, 1971)).
As shown in the figure above:
– Actions are written as procedures
– Behaviour of the guard is specified by:
• Declaration of state variables
• Implementations of the action procedures
In short, all the database-oriented solutions below would be based on the above principles of Lampson's model. All of them would have two areas: Authentication and Authorisation. Inside the Authentication area they would have the principal and action, but the content of the principal and action would differ according to the design of the different methods.
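The guard and access matrix described above can be sketched as follows. This is an added illustration, not code from Lampson or from this thesis: the class name `Guard`, the rights `own`/`read`/`write` and the subjects `alice`/`bob` are assumptions, and the principal is assumed to have been authenticated already.

```python
# Added example: class names, rights and subjects are assumptions.
class AccessDenied(Exception):
    """Raised by the guard when the matrix does not hold the requested right."""


class Guard:
    def __init__(self):
        # State variables: stored objects, the access matrix, an audit trail.
        self.objects = {}
        self.matrix = {}   # (subject, object) -> set of rights
        self.audit = []    # supports detection, not only prevention

    def _check(self, principal, right, obj):
        allowed = right in self.matrix.get((principal, obj), set())
        self.audit.append((principal, right, obj, "allow" if allowed else "deny"))
        if not allowed:
            raise AccessDenied(f"{principal} lacks {right!r} on {obj}")

    # Action procedures. read, write and grant consult the matrix first.
    def create(self, principal, obj, value):
        if obj in self.objects:
            raise ValueError(f"{obj} already exists")
        self.objects[obj] = value
        self.matrix[(principal, obj)] = {"own", "read", "write"}

    def read(self, principal, obj):
        self._check(principal, "read", obj)
        return self.objects[obj]

    def write(self, principal, obj, value):
        self._check(principal, "write", obj)
        self.objects[obj] = value

    def grant(self, principal, grantee, right, obj):
        # Only a subject holding "own" may add rights to another cell.
        self._check(principal, "own", obj)
        self.matrix.setdefault((grantee, obj), set()).add(right)


def demo():
    # Constructed scenario: alice owns "payroll"; bob starts with no rights.
    g = Guard()
    g.create("alice", "payroll", "v1")
    try:
        g.read("bob", "payroll")
    except AccessDenied:
        pass  # denied and recorded in the audit trail
    g.grant("alice", "bob", "read", "payroll")
    return g.read("bob", "payroll"), g.audit
```

The audit list records denied as well as allowed requests, which corresponds to the detection half of Lampson's definition of security.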
In the next section the researcher will start to look at the different Database Oriented Solutions available in the literature, and highlight their infrastructure and their advantages and disadvantages in solving the problem at hand.