Related Research Articles
Terminal Access Controller Access-Control System refers to a family of related protocols handling remote authentication and related services for network access control through a centralized server. The original TACACS protocol, which dates back to 1984, was used for communicating with an authentication server, common in older UNIX networks including but not limited to the ARPANET, MILNET and BBNNET. It spawned related protocols:
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.
Identity management (IdM), also known as identity and access management, is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems not only identify, authenticate, and control access for individuals who will be utilizing IT resources but also the hardware and applications employees need to access.
Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:
A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
Shibboleth is a single sign-on log-in system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations.
A digital identity is data stored on computer systems relating to an individual, organization, application, or device. For individuals, it involves the collection of personal data that is essential for facilitating automated access to digital services, confirming one's identity on the internet, and allowing digital systems to manage interactions between different parties. It is a component of a person's social identity in the digital realm, often referred to as their online identity.
PERMIS is a sophisticated policy-based authorization system that implements an enhanced version of the U.S. National Institute of Standards and Technology (NIST) standard Role-Based Access Control (RBAC) model. PERMIS supports the distributed assignment of both roles and attributes to users by multiple distributed attribute authorities, unlike the NIST model which assumes the centralised assignment of roles to users. PERMIS provides a cryptographically secure privilege management infrastructure (PMI) using public key encryption technologies and X.509 Attribute certificates to maintain users' attributes. PERMIS does not provide any authentication mechanism, but leaves it up to the application to determine what to use. PERMIS's strength comes from its ability to be integrated into virtually any application and any authentication scheme like Shibboleth (Internet2), Kerberos, username/passwords, Grid proxy certificates and Public Key Infrastructure (PKI).
Attribute-based access control (ABAC), also known as policy-based access control for IAM, defines an access control paradigm whereby a subject's authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment attributes.
The University Computing Centre in Zagreb has a long tradition in the area of information and communication technologies. It was founded in 1971 within the University of Zagreb, the only Croatian university at the time, with the purpose to enhance the implementation of information technologies in the academic community as well as in Croatia in general.
Distributed Access Control System (DACS) is a light-weight single sign-on and attribute-based access control system for web servers and server-based software. DACS is primarily used with Apache web servers to provide enhanced access control for web pages, CGI programs and servlets, and other web-based assets, and to federate Apache servers.
An identity provider is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.
Security Assertion Markup Language (SAML) is a set of specifications that encompasses the XML-format for security tokens containing assertions to pass information about a user and protocols and profiles to implement authentication and authorization scenarios. This article has a focus on software and services in the category of identity management infrastructure, which enable building Web-SSO solutions using the SAML protocol in an interoperable fashion. Software and services that are only SAML-enabled do not go here.
Model-driven security (MDS) means applying model-driven approaches to security.
GARR is the Italian national computer network for universities and research. The main objective of GARR is to design and manage a very high-performance network infrastructure that delivers advanced services to the Italian academic and scientific community. The GARR network is connected to other national research and education networks in Europe and the world, is an integral part of the global Internet, and thereby promotes the exchange and collaboration between researchers, teachers, and students worldwide.
eduGAIN is an international interfederation service interconnecting research and education identity federations. It enables the secure exchange of information related to identity, authentication and authorization between participating federations. The service is managed by a team led by TERENA. eduGAIN® is a registered trademark of DANTE.
In computer security, general access control includes identification, authorization, authentication, access approval, and audit. A more narrow definition of access control would cover only access approval, whereby the system makes a decision to grant or reject an access request from an already authenticated subject, based on what the subject is authorized to access. Authentication and access control are often combined into a single operation, so that access is approved based on successful authentication, or based on an anonymous access token. Authentication methods and tokens include passwords, biometric scans, physical keys, electronic keys and devices, hidden paths, social barriers, and monitoring by humans and automated systems.
A software-defined perimeter (SDP), also called a "black cloud", is an approach to computer security. Software-defined perimeter (SDP) framework was developed by the Cloud Security Alliance (CSA) to control access to resources based on identity. Connectivity in a Software Defined Perimeter is based on a need-to-know model, in which device posture and identity are verified before access to application infrastructure is granted. Application infrastructure is effectively “black”, without visible DNS information or IP addresses. The inventors of these systems claim that a Software Defined Perimeter mitigates the most common network-based attacks, including: server scanning, denial of service, SQL injection, operating system and application vulnerability exploits, man-in-the-middle, pass-the-hash, pass-the-ticket, and other attacks by unauthorized users.
The European Open Science Cloud (EOSC) is a European Commission initiative aiming at developing an infrastructure providing its users with services promoting open science practices. Besides being open science oriented, the envisaged infrastructure is built by aggregating services provided by several providers following a System of systems approach.
The zero trust security model, also known as zero trust architecture (ZTA), and perimeterless security describes an approach to the strategy, design and implementation of IT systems. The main concept behind the zero trust security model is "never trust, always verify", which means that users and devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified.
References
- ↑ "Authentication and authorization infrastructures (AAIs): A comparative survey". ResearchGate. Retrieved 2021-03-21.
- ↑ "Authentication and Authorization Infrastructure: Portal Architecture and Prototype Implementation". ResearchGate. Retrieved 2021-03-21.
- ↑ "Case Study of the Usage of an Authentication and Authorization Infrastructure (AAI) in an E-Learning Project". ResearchGate. Retrieved 2021-03-21.
- ↑ "How to Adapt Authentication and Authorization Infrastructure of Applications for the Cloud". ResearchGate. Retrieved 2021-03-21.
- ↑ "Realization of a Vision: Authentication and Authorization Infrastructure for the Swiss Higher Education Community". ResearchGate. Retrieved 2021-03-21.
- ↑ Landscape of EOSC-Related Infrastructures and Initiatives. 14 September 2020. ISBN 978-92-76-21289-8 . Retrieved 2021-03-21.
{{cite book}}:|website=ignored (help)
