Monday, April 1, 2013

OAuth 2.0 - Information System Security Glossary

Glossary of some commonly used terms related to Information System Security


1. Access Control

Meaning : Protection of a system resource against unauthorized access.

Going Further : It is a process by which use of system resources is regulated according to a security policy and is permitted only to authorized entities, such as users, programs, or other systems. "The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner."

Related Terms : Access Control List ( ACL )

2. Access Control List ( ACL )

Meaning : A method to implement access control for a system by maintaining, for each resource, a list of the system entities that are permitted to access it and stating, implicitly or explicitly, the access modes granted to each entity.

Going Further : Most applications keep ACLs to grant different modes of permission to different users.

Related Terms : Access Control, Access Control Matrix

3. Access Control Matrix

Meaning : A rectangular array of cells, with one row per subject and one column per object. The entry in a cell -- that is, the entry for a particular subject-object pair -- indicates the access mode that the subject is permitted to exercise on the object. Each column is equivalent to an "access control list" for the object; and each row is equivalent to an "access profile" for the subject.

Related Terms : Access Control, Access Control List ( ACL )
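The relationship between the matrix, its columns (ACLs) and its rows (access profiles) described in entries 1 to 3, as an added Python example that is not part of the original post; the subjects, objects and modes are a constructed sample, and anything not listed in the matrix is treated as denied:

```python
from collections import defaultdict

# Constructed sample access control matrix: one row per subject, one column
# per object, each cell holding the set of permitted access modes.
# A missing cell means no access at all (default deny).
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "report.pdf": {"read"}},
    "bob": {"report.pdf": {"read"}},
    "backup_job": {"payroll.db": {"read"}, "report.pdf": {"read"}},
}


def acl_for(matrix, obj):
    """One column of the matrix: the ACL of a single object,
    i.e. which subjects may access it and in which modes."""
    return {subj: modes[obj] for subj, modes in matrix.items() if obj in modes}


def profile_for(matrix, subj):
    """One row of the matrix: the access profile of a single subject,
    i.e. every object it may touch and the modes it holds."""
    return dict(matrix.get(subj, {}))


def is_permitted(matrix, subj, obj, mode):
    """Reference-monitor style check. Unknown subjects, unknown objects
    and unlisted modes all fall through to the empty set, so they are denied."""
    return mode in matrix.get(subj, {}).get(obj, set())


def matrix_from_acls(acls):
    """Rebuild the matrix from a per-object ACL store (the inverse of acl_for),
    showing that the two representations carry the same information."""
    matrix = defaultdict(dict)
    for obj, entries in acls.items():
        for subj, modes in entries.items():
            matrix[subj][obj] = set(modes)
    return dict(matrix)


if __name__ == "__main__":
    print("ACL for payroll.db:", acl_for(MATRIX, "payroll.db"))
    print("Profile for bob:", profile_for(MATRIX, "bob"))
    print("bob write payroll.db?", is_permitted(MATRIX, "bob", "payroll.db", "write"))
```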

4. Anonymity

Meaning : The condition of an identity being unknown or concealed.

Going Further : An application may require security services that maintain anonymity of users or other system entities, perhaps to preserve their privacy or hide them from attack. To hide an entity's real name, an alias may be used; for example, a financial institution may assign account numbers. Parties to transactions can thus remain relatively anonymous, but can also accept the transactions as legitimate. Real names of the parties cannot be easily determined by observers of the transactions, but an authorized third party may be able to map an alias to a real name, such as by presenting the institution with a court order. In other applications, anonymous entities may be completely untraceable.

Related Terms : anonymous login

5. Anonymous Login

Meaning : An access control feature that enables users to gain access to general-purpose services or resources of a host without having a pre-established, identity-specific account (i.e. a username and password). E.g. allowing users to transfer data using FTP.

Going Further : This feature exposes a system to more threats than when all the users are known, pre-registered entities that are individually accountable for their actions. A user logs in using a special, publicly known user name (e.g., "anonymous", "guest", or "ftp"). To use the public login name, the user is not required to know a secret password and may not be required to input anything at all except the name. In other cases, to complete the normal sequence of steps in a login protocol, the system may require the user to input a matching, publicly known password (such as "anonymous") or may ask the user for an e-mail address or some other arbitrary character string.

Related Terms : anonymity
