Access Management, LIMA-style
Let's now go through the detailed conceptual steps that build up to the
solution above.
Access Management Concepts
Take Access Management first. Let's say we want to control access to a web
application. In the simplest model, the application itself challenges the
user for credentials (e.g., asks for a user ID and password by popping up a
login page) and validates them against its own database before allowing
access to its functions. The application performs both authentication (“Is the
user who they claim to be?”) using the password, and authorisation (“Is the
user allowed to access this information or perform this function?”) using
stored access rules.
The diagram below illustrates this.
Fig 10: Standalone authentication
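The standalone model described above, as an added sketch that is not code from the original text: one application holds its own credential store and its own access rules, and performs authentication and authorisation as two separate checks. The user names, roles, function names and PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str, roles) -> dict:
    # Store a per-user salt and a slow hash, never the password itself.
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "roles": set(roles)}


# Constructed sample data: the application's own user database ...
USERS = {
    "alice": make_user("correct horse", ["clerk"]),
    "bob": make_user("s3cret-bob", ["clerk", "manager"]),
}
# ... and its own stored access rules (function -> roles allowed to use it).
ACCESS_RULES = {
    "view_report": {"clerk", "manager"},
    "approve_payment": {"manager"},
}
_DUMMY = make_user("dummy", [])  # hashed against when the user ID is unknown


def authenticate(user_id: str, password: str) -> bool:
    """Is the user who they claim to be?"""
    record = USERS.get(user_id, _DUMMY)  # same work for unknown user IDs
    match = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    return match and user_id in USERS


def authorise(user_id: str, function: str) -> bool:
    """Is the user allowed to perform this function? Unknown functions are denied."""
    return bool(USERS[user_id]["roles"] & ACCESS_RULES.get(function, set()))


def handle_request(user_id: str, password: str, function: str) -> str:
    if not authenticate(user_id, password):
        return "401 authentication failed"
    if not authorise(user_id, function):
        return "403 not authorised"
    return "200 OK"
```

Every application built this way carries its own copy of USERS and ACCESS_RULES.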
While this is a simple model, it becomes operationally cumbersome when an
organisation has many such applications. Each application needs to maintain
 
 