查看文章

Access Control, typically referred to as resource authorization or just authorization, is the confinement of the actions of a particular entity or an individual only to the computing resources and services that it is authorized to use. This is achieved by enforcing predefined access control policies. The underlying policies govern every access of an entity to a particular resource. The policies can be realized in the guise of attributes and the corresponding rules associated with a set of entities and a set of resources. For the access control mechanisms to be sound and ensure integrity, this is achieved by securely establishing the identity of the entities. If this secure enforcement of the establishment of identities is absent, enforcing an access policy is foiled and left useless. While there is an absolute and dire need to enforce access control mechanisms in practice, it comes with issues that need thorough consideration before these mechanisms are put to implementation. Some of the challenges are; it is challenging to achieve access control in resource constrained devices due to their heterogeneous nature and limited computation capabilities. Also, the dynamic nature of devices makes it hard to implement access control policies. Other important aspects that are challenging are the dynamic topologies, distributive nature, and policy enforcement dynamically.