Identity Management and Access Control Mechanism
Paper Type: Free Essay | Subject: Information Systems | Wordcount: 1165 words | Published: 18th May 2020
Introduction
Today, due to the widespread use of the internet, network security has become a major issue, and identity management systems are used to address it. They provide secure access to the different types of users in a system, control unauthorized access and protect an organization’s information. Identity management involves using different mechanisms for identifying, authenticating and then authorizing users. This is done to maintain data privacy. Problems related to identity management:
- Different users require different types of access
- Different levels of classification, like confidential, private and public

The earlier traditional methods were manual: directory servers and information stored in files were used. Now new automated methods have come into use. Some identity management techniques used are:
- Password authentication
- Delegation of tasks
- User provisioning
- Auditing and reporting
Authorization
This step is carried out after the system checks that the user is authorized; only then does it grant access to the resource and to the permitted actions. The decision to allow user access is based on access criteria. Access control permissions are not limited to full control or no access. There are different types of access criteria:
- Roles
- Groups
If access is based on role, there is a task assigned to the user. Using groups is another way of assigning access control: several users are put in a group and then assigned rights and privileges. So, we can say that it is the management’s responsibility to determine that security requirements are met and access is authorized. For access control, there is an access control model. This model is a framework that describes how subjects, that is, users, access resources. There are different mechanisms and rules followed to maintain access control. The access control system follows these major steps:
- Identification
- Authentication
- Authorization
Now let’s discuss the different types of access control.
Mandatory access control mechanisms
In this model, the access rights are regulated by a control authority and not by users and data owners. It is known as a strict model compared to the other mechanisms. Access to the resource object is governed by the settings defined by the administrator. This is where the technique of security labels comes in. Each security label carries two pieces of information: first the classification and second the category. When a user tries to access the resource, the operating system checks the user's credentials against the security label. If both are the same, access to the resource is allowed for that user. This offers the most secure environment, but it imposes a large amount of overhead because of the updating needed for objects and new users.
Discretionary access control
This is a method in which the owners of the system are granted the right to set the policies and define who is authorized to access the resource. It is different from the mandatory method, in which administrators are allowed. But it lacks centralized control. It is the default access control mechanism. Here, instead of assigning a security label as in MAC, each resource has an access control list in which the list of users is stored. The users on the list are those to whom the user has permitted access rights. This access control type is much more flexible than MAC, but there is a risk of data insecurity.
Role-based access control
This access control is based entirely on the user’s role within the organization. A certain set of permissions is assigned to a particular role. Unlike MAC and DAC, the object is concerned only with the user’s role and not with the user.
Rule-based access control mechanism
Here, access to the resource depends on the set of rules defined by the administrator. It is not concerned with the role of the user, as in the role-based model. In the discretionary model the access properties are stored in the form of access control lists, but here rules are defined. Whenever a user tries to access a resource, the operating system checks the rules and then allows access to the resource object. In MAC, access permissions are only allowed by the system administrator.
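The four decision procedures described above can be put side by side in code. This is an added example, not part of the original essay; every user, role, resource and rule in it is constructed, and the MAC check goes slightly beyond the exact label match in the text by also accepting a subject label that dominates the object's label (exact match is the simplest case of that).

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "private": 1, "confidential": 2}  # classifications from the essay

@dataclass(frozen=True)
class Label:                      # MAC security label: classification + categories
    level: str
    categories: frozenset

def mac_allows(subject: Label, obj: Label) -> bool:
    """MAC: the system, not the owner, compares subject and object labels."""
    return (LEVELS[subject.level] >= LEVELS[obj.level]
            and obj.categories <= subject.categories)

@dataclass
class Resource:                   # DAC: each resource carries its own ACL
    name: str
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of permitted actions

def dac_grant(res: Resource, granter: str, user: str, action: str) -> None:
    """DAC: only the owner may change who is on the resource's ACL."""
    if granter != res.owner:
        raise PermissionError(f"{granter} does not own {res.name}")
    res.acl.setdefault(user, set()).add(action)

def dac_allows(res: Resource, user: str, action: str) -> bool:
    return action in res.acl.get(user, set())

# RBAC: permissions attach to roles, users only hold roles (constructed data)
ROLE_PERMS = {"clerk": {("invoice", "read")},
              "accountant": {("invoice", "read"), ("invoice", "approve")}}
USER_ROLES = {"alice": {"accountant"}, "bob": {"clerk"}}

def rbac_allows(user: str, resource_type: str, action: str) -> bool:
    return any((resource_type, action) in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))

# Rule-based: administrator-defined rules, first match wins, default deny.
# The rules look at the request context, never at the user's role.
RULES = [
    (lambda ctx: ctx["hour"] < 8 or ctx["hour"] >= 18, False),  # outside office hours
    (lambda ctx: ctx["network"] == "internal", True),
]

def rule_allows(ctx: dict) -> bool:
    for condition, decision in RULES:
        if condition(ctx):
            return decision
    return False
```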
Windows Server 2003 | RBAC | Access control list | Authorization manager
Windows XP | DAC | Access control list, Active directory | Microsoft management
Unix | DAC | Access control list | Unix kernel
SQL DBMS | RBAC, DAC, MAC | DBMS | Informix Online
Conclusion
So, identity and access control mechanisms are very important for data security. They are very beneficial for organizations that have to maintain large amounts of data. We have also analyzed the DAC, MAC and RBAC mechanisms and their importance. This paper identifies the need for user security and authentication. The main focus was to study different access control mechanisms. We have seen how much stricter and more powerful the MAC control mechanism is than the DAC model. Then we studied the differences between the role-based and rule-based models. We also studied different identity management mechanisms.