7 Nov
2018
7 Nov
'18
2:03 a.m.
On 06/11/2018 05:24, Grant Taylor via TUHS wrote:
Access Control = Authorisation.
Everywhere I've been, AAA = Authentication, Authorisation, Accounting.
--
Pete
Pete Turnbull
On 11/05/2018 03:34 PM, Dan Cross wrote:
Security, in
general, usually seeks to address five questions:
1. Authentication - Is some entity who it claims to be?
2. Authorization - Is some entity allowed to perform some action?
3. Privacy - Can a third party snoop on a private conversation between
two entities?
4. Integrity - Can a third party alter communications between two
entities in an undetectable way?
5. Non-repudiation - Can it be definitively shown that some entity was
a party to some communication?
The 3rd A that I'm used to is "Access Control". Is the requested action
allowed given the above information.