Distributed Access Control System
DACS - The Distributed Access Control System
- Original author(s): Developers at Distributed Systems Software
- Developer(s): Distributed Systems Software
- Stable release: 1.4.26 / September 30, 2011
- Development status: production
- Written in: C with APIs for some other languages
- Operating system: FreeBSD, Linux, Mac OS X, Sun Solaris
- Platform: POSIX
- Available in: English
- Type: Computer security
- License: Modified Sleepycat License
- Website: dacs.dss.ca
The Distributed Access Control System (DACS) is a light-weight single sign-on and role-based access control system for web servers and server-based software. DACS is primarily used with Apache web servers to provide enhanced access control for web pages, CGI programs and servlets, and other web-based assets, and to federate Apache servers.
Released under an open source license, DACS provides a modular authentication framework that supports an array of common authentication methods and a rule-based authorization engine that can grant or deny access to resources, named by URLs, based on the identity of the requestor and other contextual information. Administrators can configure DACS to identify users by employing authentication methods and user accounts already available within their organization. The resulting DACS identities are recognized at all DACS jurisdictions that have been federated.
In addition to simple web-based APIs, command-line interfaces are provided for much of the functionality.
Development of DACS began in 2001, with the first open source release made available in 2005.
DACS can use any of the following authentication methods and account types:
- X.509 client certificates via SSL
- self-issued or managed Information Cards (InfoCards)
- two-factor authentication
- counter-based, time-based, or grid-based one-time passwords, including security tokens
- Unix-like systems' password-based accounts
- Apache authentication modules and their password files
- Windows NT LAN Manager (NTLM) accounts
- LDAP or Microsoft Active Directory (ADS) accounts
- Central Authentication Service (CAS)
- HTTP requests (e.g., Google ClientLogin)
- PAM-based accounts
- private username/password databases
- imported identities
- computed identities
The extensible architecture allows new methods to be introduced.
DACS can also act as an Identity Provider for InfoCards and function as a Relying Party.
DACS performs access control by evaluating access control rules that are specified by an administrator. Expressed as a set of XML documents, the rules are consulted at run-time to determine whether access to a given resource should be granted or denied.
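An added illustration of the rule evaluation described above, not DACS code and not DACS's rule syntax: the XML schema, attribute names and function names are hypothetical. It shows default-deny evaluation of XML rules against a request's URL, identity and context, with the path normalised before matching so that `..` segments cannot select the wrong rule.

```python
import fnmatch
import posixpath
import xml.etree.ElementTree as ET

# Constructed rule set in a hypothetical schema (NOT the DACS rule format).
RULES_XML = """
<rules>
  <rule url="/reports/*">
    <allow role="analyst"/>
    <deny user="eve"/>
  </rule>
  <rule url="/admin/*">
    <allow role="admin" scheme="https"/>
  </rule>
</rules>
"""

def load_rules(xml_text):
    """Parse administrator-authored (trusted) rule XML into (pattern, clauses)."""
    rules = []
    for rule in ET.fromstring(xml_text).iter("rule"):
        clauses = [(c.tag, dict(c.attrib)) for c in rule]
        rules.append((rule.get("url"), clauses))
    return rules

def clause_matches(cond, request):
    """A clause matches only if every attribute it names matches the request."""
    for key, want in cond.items():
        if key == "role":
            if want not in request.get("roles", ()):
                return False
        elif request.get(key) != want:
            return False
    return True

def is_allowed(rules, request):
    """Default deny; in the first rule whose URL pattern matches, any deny wins."""
    url = posixpath.normpath(request["url"])  # collapse "." and ".." first
    for pattern, clauses in rules:
        if not fnmatch.fnmatchcase(url, pattern):
            continue
        hits = {tag for tag, cond in clauses if clause_matches(cond, request)}
        return "allow" in hits and "deny" not in hits
    return False  # no rule covers this URL
```
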
Wikimedia Foundation. 2010.