80.DIFFERENT TYPES OF ACCESS CARDS

In an ACL-based model, a subject's access to an object depends on whether its identity is on a list associated with the object (roughly analogous to how a bouncer at a private party would check your ID to see if your name is on the guest list); access is conveyed by editing the list. (Different ACL systems have a variety of different conventions regarding who or what is responsible for editing the list and how it is edited.)


Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject).Access control systems provide the essential services of identification and authentication (I&A), authorization, and accountability where Where you are, for example inside or outside a company firewall, or proximity of login location to a personal GPS device.


identification and authentication determine who can log on to a system, and the association of users with the software subjects that they are able to control as a result of logging in;authorization determines what a subject can do; accountability identifies what a subject (or all subjects associated with a user) did. [[=== Identification and authentication (I&A) === Identification and authentication (I&A) is the process of verifying that an identity is bound to the entity that asserts it. The I&A process assumes that there was an initial vetting of the identity, during which an authenticator was established. Subsequently, the entity asserts an identity together with an authenticator as a means for validation.


The only requirements for the identifier is that it must be unique within its security domain.Authenticators are commonly based on at least one of these four factors:
Something you know, such as a password or a personal identification number (PIN). This assumes that only the owner of the account knows the password or PIN needed to access the account. Something you have, such as a smart card or security token. This assumes that only the owner of the account has the necessary smart card or token needed to unlock the account. Something you are, such as fingerprint, voice, retina, or iris characteristics.