18 Deployment Guide Series: IBM Tivoli Identity Manager 5.0
1.5.2 Other access control models
There are two other access control models that are often found in use: the
Discretionary Access Control (DAC) model and the Mandatory Access Control
The DAC model is when the owner of a resource decides whether to allow a
specific person access to their resource. This system is common in distributed
environments that have evolved from smaller operations into larger ones. When
it is well managed, it can provide adequate access control, but it is very
dependent upon the resource owner understanding how to implement the
security policies of the organization, and of all the models, it is most likely to be
subject to “management by mood.” Ensuring that authorized people have access
to the correct resource requires a good system for tracking users leaving, users
joining the organization, and users changing jobs. Tracking requests for change
is often paper driven, error-prone, and can be costly to maintain and audit.
The MAC model is where the resources are grouped and marked according to a
sensitivity model. This model is most commonly found in military or government
environments. One example is the markings of Unclassified, Restricted,
Confidential, Secret, and Top Secret. A user’s privileges to view certain
resources will depend upon that individual’s clearance level.
1.5.3 Which model
All three models just discussed have advantages and disadvantages associated
with them. Which model an organization uses will depend upon a number of
factors, including, but not limited to, externally mandated policies, the maturity of
existing identity management processes, the range of identity management
target systems, future requirements, the number of users managed, and risk
assessment and return on investment statistics.
The key to this kind of system is the ability to use background security checking
of personnel to a greater level than that which is normally carried out in a
business or non-governmental environment. It is also key for data of different
levels of sensitivity to be kept segregated.