Frequently Asked Questions
What is access control for you?
Well... First, it is not identification and authentication,
which cover the question "who is this user/process/server?".
The domain of access control is "what are the rights of this
user/process/server to use/access/operate on the information
system resources?". It is also, on the other side, "what must
the information system forbid to this user/process/server?".
This definition covers physical and logical access control.
Access Road targets only logical access control.
Meanwhile, in this perspective, when a user logs in to an operating
system account, it is authentication from the security function
point of view, but for Access Road, it will be considered as
an access _right_ to the account. With the same approach, when
a file is encrypted, it is another security function, but for
Access Road, the owners of the secret keys for this file will be
considered as having a specific access _right_ on the file if the
encryption system is modeled as an access control system in Access Road.
So, all access control issues are covered.
Why is it so difficult to design access controls?
Access controls are connected to many domains: security policy,
technical architecture, functional architecture, user organization,
administration requirements, technical maturity of the software,
instability of all these aspects, ... Access control needs to
build a bridge between different skills, far beyond the common
skills of the administration team, which usually bears this
responsibility alone, among many others. On the other hand, there
are very few people able to build this bridge, i.e. to be
comprehensive, clear and technically precise all at once. Finally,
it is quite difficult in a large project to correctly set the
requirements relevant to access control, applicable to every
software contractor, and to explain them correctly to all.
Is there any way to resolve this complex issue with software?
Well, not really... But through smart diagrams capturing the
domain issues, precise and powerful representation of access
control functions and design issues, and large coverage of the
leading platforms, ... the challenge of this project is to try.
Is Access Road an administration tool?
Unlike some administration tools, Access Road
models in detail the resources to be protected and the technical
functions that are effective in every software (an operating
system, for instance). It does not model only general user profiles
and functional profiles of resources. It helps to easily analyze
different access control solutions in a heterogeneous information
system. Access Road may help to manage a current system, but
it is _not_ an automation tool for access control updates.