One of the most fundamental concepts in the world of digital identity is access control. Access control is the process of granting certain subjects access to a resource while denying others access. Even the notion of granting access is too coarse-grained—in many cases, we must control what actions a subject is allowed to take on a resource. Some examples:
We want to grant each employee access to his email box, but not to anyone else's. Email administrators are granted access to everyone's email accounts.
The bank grants me access to my bank account but limits that access in certain ways. For example, I can only withdraw up to some preset limit at the ATM. My wife has access to the same account. Bank employees have access to the account but only in controlled situations.
The software I use to manage my web site has access to the web site and can create new files and delete or update existing ones. Anyone is granted access to the files for reading.
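To make the subject/action/resource distinction concrete, here is an added example (not from the book) that encodes the three scenarios above as a small default-deny policy. Every name, rule, and limit in it is constructed for illustration: the users alice, alice_spouse, mailadmin, teller, and site-manager, the account number 123, and the 500-unit ATM cap are assumptions, as is the resource naming scheme (`mailbox:`, `account:`, `site:/`).

```python
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Request:
    """One access attempt: which subject wants to do what to which resource."""
    subject: str
    action: str
    resource: str
    context: dict = field(default_factory=dict)  # e.g. channel, amount


def covers(prefix: str, resource: str) -> bool:
    """A rule covers a resource exactly, or a whole subtree when the prefix
    ends in a separator. Plain startswith() would let 'mailbox:alice' match
    'mailbox:alice2', which is a classic access-control bug."""
    if resource == prefix:
        return True
    return prefix.endswith((":", "/")) and resource.startswith(prefix)


@dataclass
class Rule:
    """A permit rule. Access is denied unless at least one rule matches."""
    subjects: frozenset          # "*" means any subject, including anonymous
    actions: frozenset
    resource_prefix: str
    condition: Optional[Callable[[Request], bool]] = None  # extra constraint

    def matches(self, req: Request) -> bool:
        if "*" not in self.subjects and req.subject not in self.subjects:
            return False
        if req.action not in self.actions:
            return False
        if not covers(self.resource_prefix, req.resource):
            return False
        return self.condition is None or self.condition(req)


def atm_limit(req: Request) -> bool:
    """Constructed constraint: withdrawals made at an ATM are capped at 500;
    other channels (e.g. a branch teller) are not limited by this rule."""
    if req.context.get("channel") != "atm":
        return True
    return req.context.get("amount", 0) <= 500


# Constructed policy mirroring the chapter's three examples.
POLICY = [
    # Email: each employee sees only their own mailbox; admins see all of them.
    Rule(frozenset({"alice"}), frozenset({"read", "write"}), "mailbox:alice"),
    Rule(frozenset({"mailadmin"}), frozenset({"read", "write"}), "mailbox:"),
    # Bank: account holders act on their account, with an ATM withdrawal cap;
    # tellers may view and deposit but never withdraw.
    Rule(frozenset({"alice", "alice_spouse"}),
         frozenset({"view", "deposit", "withdraw"}), "account:123", atm_limit),
    Rule(frozenset({"teller"}), frozenset({"view", "deposit"}), "account:"),
    # Web site: the management tool may change files; anyone may read them.
    Rule(frozenset({"site-manager"}),
         frozenset({"create", "update", "delete", "read"}), "site:/"),
    Rule(frozenset({"*"}), frozenset({"read"}), "site:/"),
]


def is_allowed(req: Request, policy=POLICY) -> bool:
    """Default deny: permit only when some rule in the policy matches."""
    return any(rule.matches(req) for rule in policy)


if __name__ == "__main__":
    print(is_allowed(Request("alice", "read", "mailbox:alice")))        # True
    print(is_allowed(Request("alice", "read", "mailbox:bob")))          # False
    print(is_allowed(Request("alice", "withdraw", "account:123",
                             {"channel": "atm", "amount": 1000})))      # False
```

Two design points worth noticing: the policy is permit-only with an implicit deny, so forgetting a rule fails closed rather than open, and resource matching is deliberately stricter than a bare prefix test so that a rule for one mailbox cannot silently cover another whose name merely begins the same way.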
We've seen in Chapter 7 how authentication can be performed to certify a set of credentials and their associated identity. Our ultimate goal, however, is to use that identity to control the actions that subjects can take on resources. This is called access control, and it is based on determining a set of authorizations for a given identity. In this chapter, we'll explore some of the issues, patterns, and technology surrounding access control.
Access control is first and foremost a policy question. Access-control ...