Access Control and Identity Management

Logical Access Controls for Subjects

Logical access controls can be based on one or more criteria, including:

  • Who—The identity of the subject, proven by a username and password combination or other authentication technique
  • What—The type of access being requested
  • When—The time of day or day of week the request is made
  • Where—The physical or logical location of the user placing the request
  • How—The context of the access request

You should take each of these criteria into account when designing an authorization system.
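As an added illustration (not code from the book), the sketch below checks a single request against all five criteria and denies by default. The `Request` and `Rule` types, the sample payroll rule, and the reading of "how" as the access channel are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Request:
    subject: str      # who: identity already proven by authentication
    action: str       # what: type of access requested
    when: datetime    # when: time the request is made
    source_ip: str    # where: logical location of the requester
    context: str      # how: assumed here to be the access channel

@dataclass(frozen=True)
class Rule:
    subjects: frozenset
    actions: frozenset
    days: frozenset   # permitted weekdays, Monday = 0
    hours: range      # permitted hours of the day
    networks: tuple   # permitted source networks in CIDR form
    contexts: frozenset

def failed_criteria(rule, req):
    """Return the names of the criteria this request fails for one rule."""
    checks = {
        "who": req.subject in rule.subjects,
        "what": req.action in rule.actions,
        "when": req.when.weekday() in rule.days and req.when.hour in rule.hours,
        "where": any(ip_address(req.source_ip) in ip_network(n)
                     for n in rule.networks),
        "how": req.context in rule.contexts,
    }
    return [name for name, ok in checks.items() if not ok]

def authorize(rules, req):
    """Default deny: grant only when some rule passes all five criteria."""
    return any(not failed_criteria(rule, req) for rule in rules)

# Constructed sample policy: payroll access for one clerk, office hours only.
PAYROLL_RULE = Rule(
    subjects=frozenset({"alice"}),
    actions=frozenset({"read", "update"}),
    days=frozenset(range(0, 5)),
    hours=range(8, 18),
    networks=("10.20.0.0/16",),
    contexts=frozenset({"vpn-mfa", "office-lan"}),
)
```

Returning the list of failed criteria, rather than a bare boolean, gives the audit log a reason for each denial.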

Who

The “who” criterion is the most intuitive, as discussed above. One subject may be given access while another is denied.

What

The decisions made by authorization systems must ...
