What is policy enforcement, and why should we care?
Source: ComputerWorld - Posted by Benjamin D. Thomas   
Security Security administrators typically consider "authorization" in the context of user identities, which are verified via passwords or randomly generated codes or iris scans. Once identity has been validated, it's used to establish appropriate levels of access to computers, network resources and information. People with networking and Web server experience may go so far as to include certificates in their understanding of "authentication" and authorization, since IPsec and SSL/TLS both rely on certificates for validation of machine identities.

But authorization can be interpreted far more broadly. Possession being nine-tenths of the law, I can reasonably call myself an "authorized" driver of my car since I possess the car's title, and perhaps more importantly, the ignition key. In the early days of TCP/IP networking, an authorized network node could be defined operationally as "any machine with physical access to my Ethernet network," since the network implementations of the time required little more than plugging in a cable and maybe configuring an address or two to establish connectivity.

Read this full article at ComputerWorld

Only registered users can write comments.
Please login or register.

Powered by AkoComment!