Distributed Access Control System (DACS)
| Original author(s) | Developers at Distributed Systems Software |
|---|---|
| Developer(s) | Distributed Systems Software |
| Stable release | 1.4.24 / January 7, 2010 |
| Written in | C with APIs for some other languages |
| Operating system | FreeBSD, Linux, Mac OS X, Sun Solaris |
| Platform | POSIX |
| Available in | English |
| Development status | production |
| Type | Computer security |
| License | Modified Sleepycat License |
| Website | [1] |
The Distributed Access Control System (DACS) is a light-weight single sign-on and role-based access control system for web servers and server-based software. DACS is primarily used with Apache web servers to provide enhanced access control for web pages, CGI programs and servlets, and other web-based assets, and to federate Apache servers.
Released under an open source license, DACS provides a modular authentication framework that supports an array of common authentication methods and a rule-based authorization engine that can grant or deny access to resources, named by URLs, based on the identity of the requestor and other contextual information. Administrators can configure DACS to identify users by employing authentication methods and user accounts already available within their organization. The resulting DACS identities are recognized at all DACS jurisdictions that have been federated.
In addition to simple web-based APIs, command-line interfaces are also provided to much of the functionality.
Development of DACS began in 2001, with the first open source release made available in 2005.
Authentication
DACS can use any of the following authentication methods and account types:
- self-issued or managed Information Cards (InfoCards)
- two-factor authentication using security tokens or grid-based one-time passwords
- Apache authentication modules and their password files
- Windows NT LAN Manager (NTLM) accounts
- LDAP or Microsoft Active Directory (ADS) accounts
- HTTP-requests (e.g., Google ClientLogin)
- PAM-based accounts
- private username/password databases
- imported identities
- computed identities
The extensible architecture allows new methods to be introduced.
DACS can also act as an Identity Provider for InfoCards and function as a Relying Party.
Authorization
DACS performs access control by evaluating access control rules that are specified by an administrator. Expressed as a set of XML documents, the rules are consulted at run-time to determine whether access to a given resource should be granted or denied.
See also
References
- R. Morrison, "Web 2.0 Access Control", 2007.
- J. Falkcrona, "Role-based access control and single sign-on for Web services", 2008.
- B. Brachman, "Rule-based access control: Improve security and make programming easier with an authorization framework", 2006.
- A. Peeke-Vout, B. Low, "Spatial Data Infrastructure (SDI)-In-A-Box, a Footprint to Deliver Geospatial Data through Open Source Applications", 2007.
External links
If you like SEOmastering Site, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...
