Ch. 4 - Vocab

Question 1

access control

Answer 1

implements a security policy that specifies who may have access to each specific system resource, and the type of access that is permitted in each instance

Question 2

access control list

Answer 2

decomposition of the access matrix in column, providing the list of access rights of each user to an object

Question 3

access management

Answer 3

controls the ways entities are granted access to resources: consists of resource management, privilege management, and policy management

Question 4

access matrix

Answer 4

a matrix consisting of subjects attempting to access resources and objects that may be accessed

Question 5

attribute

Answer 5

are characteristics that define specific aspects of the subject, object, or environment conditions. It consists of a name and a value

Question 6

attribute-based access control

Answer 6

controls access based on attributes of the user, the resource to be accessed, and current environmental conditions

Question 7

attribute exchange network

Answer 7

an online Internet-scale gateway for identity service providers and relying parties to efficiently access online identity attributes

Question 8

attribute provider

Answer 8

in the OITF, it verifies given attributes presented by subjects and creates conformant attribute credentials according tot the AXN

Question 9

auditor

Answer 9

in OITF, these are entities that check that parties’ practices have been in line with what was agreed from the OITF

Question 10

authorizations

Answer 10

otherwise known as privileges

Question 11

assessor

Answer 11

in OITF, these evaluate identity service providers and RPs, and certify if they are able to follow OITF provider’s blueprint

Question 12

capability ticket

Answer 12

specifies authorized objects and operations for a particular user

Question 13

cardinality

Answer 13

a maximum number with respect to roles

Question 14

closed access control policy

Answer 14

authorizations specify permissions for an access

Question 15

credential

Answer 15

data structure that authoritatively binds an identity to a token possessed by a subscriber

Question 16

credential management

Answer 16

authoritatively binds an identity to a token possessed by a subscriber

Question 17

discretionary access control

Answer 17

controls access based on the identity of the requestor and on access rules stating what requestors are allowed to do

Question 18

dispute resolver

Answer 18

provides arbitration and dispute resolution under OIX guidelines

Question 19

dynamic separation of duty

Answer 19

a user can take multiple role, but cannot take them simultaneously

Question 20

entitlements

Answer 20

otherwise known as privileges

Question 21

environment attribute

Answer 21

describes the operational, technical, and situational environment in which information access occurs, may include data and time, network security level

Question 22

general role hierarchy

Answer 22

there is support for an arbitrary partial order to serve as the role hierarchy

Question 23

group

Answer 23

a set of users with may be given privileges to an object

Question 24

identity, credential, and access management

Answer 24

A comprehensive approach to managing and implementing identities, credentials, and access control. Consists of the categories Credential Management, Identity Management, Identity Federation, and Access Management

Question 25

identity federation

Answer 25

describes the means that allow an organization to trust digital identities created and issued by another organization

Question 26

identity management

Answer 26

concerned with assigning attributes to a digital identity and connecting that digital identity to an individual

Question 27

identity provider

Answer 27

in OITF, these authenticate user credentials and to vouch for the names of subjects

Question 28

Information Card Foundation

Answer 28

community of companies to evolve the information card system where information cards are personal digital identities people can use online

Question 29

kernel mode

Answer 29

where privileged instructions may be executed and protected area of memory may be accessed

Question 30

least privilege

Answer 30

least set of privileges necessary to perform a task

Question 31

limited role hierarchy

Answer 31

hierarchies are limited to simple structures such as trees or inverted trees

Question 32

mandatory access control

Answer 32

controls access based on comparing security labels with security clearances

Question 33

mutually exclusive roles

Answer 33

a user can be assigned to only one role in the set

Question 34

object

Answer 34

a resource to which access is controlled

Question 35

object attribute

Answer 35

can be extracted from the metadata of the object

Question 36

open access control policy

Answer 36

authorizations specify denials for an access

Question 37

Open Identity Exchange Corporation

Answer 37

international provider of certification trust frameworks conforming to OITF

Question 38

Open Identity Trust Framework

Answer 38

a open specification of trust framework for identity and attribute exchange

Question 39

OpenID

Answer 39

an open standard that allows users to be authenticated by certain cooperating sites using a third party service

Question 40

OpenID Foundation

Answer 40

organization committed to enabling, promoting, and protecting OpenID technologies

Question 41

owner

Answer 41

the creator of a resource

Question 42

permission

Answer 42

otherwise known as privileges

Question 43

policy

Answer 43

set of rules and relationships that govern allowable behavior

Question 44

prerequisite role

Answer 44

a user can only be assigned to a particular role if it is already assigned to some other specified role

Question 45

privilege

Answer 45

represent the authorized behavior of a subject

Question 46

protection domain

Answer 46

a set of objects together with access rights to these objects

Question 47

relying party

Answer 47

in OITF, these are entities delivering services to specific users

Question 48

resource

Answer 48

otherwise known as an object

Question 49

rights

Answer 49

otherwise known as privileges

Question 50

role-based access control

Answer 50

controls access based on the roles that user have within the system

Question 51

role constraints

Answer 51

can be used to restrict the number of assigned roles, provide a separation of duties and capabilities, or make one role as a prerequisite to another

Question 52

role hierarchies

Answer 52

makes use of the concept of inheritance to enable one role to implicitly include right associated with a subordinate role

Question 53

separation of duty

Answer 53

applies the mutual exclusion constraint to RBAC, could be static or dynamic

Question 54

session

Answer 54

a mapping between a user and activated subset of roles that a user is assigned

Question 55

static separation of duty

Answer 55

defines role memberships that are mutually exclusive

Question 56

subject

Answer 56

an entity capable of accessing objects

Question 57

subject attribute

Answer 57

attributes may include the name, organization, job title, or role

Question 58

trust framework

Answer 58

functions as a certification program, enabling a party who accept a digital identity credential to trust the identity, security, and privacy policies of the party who issues the credential

Question 59

trust framework provider

Answer 59

in OITF, this is an organization that translates the requirements of policymaker into a blueprint for a trust framework

Question 60

user mode

Answer 60

the default mode for a user program, certain area of memory are protected and certain instructions may not be executed