The access management layer consist of access control mechanisms, such as authentication and authorization. This layer also consists of accountability mechanisms such as logging and monitoring activities.
One of the primary concepts in access control is that of subject and object.
A subject maybe a person, process, or technology component that either seeks access or controls the access. A physical entry to a data center and login to a system are examples of access. Hence, an employee trying to access their business e-mail account is a subject; similarly, the system that verifies the credentials, such as the user name and password, is also termed as subject.
An object can be a ...