Identity-based security
Identity-based security is an approach to control access to a digital product or service based on the authenticated identity of an individual. This allows organizations to grant access to specific users to a variety of digital services using the same credentials, ensuring the accurate match between what users are entitled to and what they actually receive,[1] while also permitting other access constraints such as company, device, location and application type (attributes).[2] Underpinning the identity-based security approach is the identity-based access control (IBAC)[3] (or identity-based licensing)[4][5] concept.
NIST defines identity-based security policies as policies "based on the identities and/or attributes of the object (system resource) being accessed and of the subject (user, group of users, process, or device) requesting access."[6]
Some of the advantages of the identity-based security approach include the ability to exercise very fine-grained control over who is allowed to use which services and which functions those users can perform,[7] and that it is device-agnostic, offering the possibility to enforce access control policy across a variety of devices, such as smartphones, tablets, and PCs.[8]
See also
References
- "Identity and Access Management: Pillars for effective Personalisation" (PDF). 10duke.com. 2016-02-08. Archived (PDF) from the original on 2017-07-05. Retrieved 2017-11-14.
- Linthicum, David (2014). "Analyst Report: Identity-based security and the cloud". Gigaom. Archived from the original on 2016-06-24. Retrieved 2017-11-14.
- "Glossary: Identity-Based Access Control". Computer Security Resource Center. NIST. Retrieved 2017-11-14.
- "What is identity-based licensing?". 10duke.com. 2016-02-02. Archived from the original on 2017-11-14. Retrieved 2017-11-14.
- "Adobe Flash Media Rights Management Server 1.0 Overview for Microsoft Windows, Linux, and UNIX" (PDF). Workflows - Identity-based licensing. Adobe Systems. 2008-05-01. Archived (PDF) from the original on 2017-08-29. Retrieved 2017-11-14.
- SP 800-33 - Underlying Technical Models for Information Technology Security, Gary Stoneburner, p. 21, December 2001, NIST Computer Security Publications - NIST Special Publications (SPs), doi:10.6028/NIST.SP.800-33. Retrieved 4 April 2017.
- Enrico, Sabbadin (2003-12-23). ".NET Identity and Principal Objects". informIT. Pearson Education. Archived from the original on 2017-11-14. Retrieved 2017-11-14.
- Powell, James E. (2012-07-16). "Q&A: Addressing BYOD with Identity-Based Security". Enterprise Systems Journal. Archived from the original on 2017-11-14. Retrieved 2017-11-14.