Jump to content

Distributed Access Control System

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by WikiAuggie (talk | contribs) at 16:45, 15 July 2016 (Minor updates and clarifications.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

DACS — The Distributed Access Control System
Original author(s)Developers at Distributed Systems Software
Developer(s)Distributed Systems Software
Initial release2005; 19 years ago (2005)
Stable release
1.4.37 / May 18, 2016; 8 years ago (2016-05-18)
Written inC with APIs for some other languages
Operating systemFreeBSD, Linux, Mac OS X
Available inEnglish
TypeComputer security
LicenseModified Sleepycat License
Websitedacs.dss.ca

The Distributed Access Control System (DACS)[1] is a light-weight single sign-on and attribute-based access control system for web servers and server-based software. DACS is primarily used with Apache web servers to provide enhanced access control for web pages, CGI programs and servlets, and other web-based assets, and to federate Apache servers.

Released under an open source license, DACS provides a modular authentication framework that supports an array of common authentication methods and a rule-based authorization engine that can grant or deny access to resources, named by URLs, based on the identity of the requestor and other contextual information. Administrators can configure DACS to identify users by employing authentication methods and user accounts already available within their organization. The resulting DACS identities are recognized at all DACS jurisdictions that have been federated.

In addition to simple web-based APIs, command-line interfaces are also provided to much of the functionality. Most web-based APIs can return XML or JSON documents.

Development of DACS began in 2001, with the first open source release made available in 2005.

Authentication

DACS can use any of the following authentication methods and account types:

The extensible architecture allows new methods to be introduced.

The DACS distribution includes various cryptographic functionality, such as message digests, HMACs, symmetric and public key encryption, ciphers (ChaCha20, OpenSSL), digital signatures, password-based key derivation functions (HKDF, PBKDF2), and memory-hard key derivation functions (scrypt, Argon2), much of which is available from a simple scripting language.

DACS can also act as an Identity Provider for InfoCards and function as a Relying Party, although this functionality is now deprecated.

Authorization

DACS performs access control by evaluating access control rules that are specified by an administrator. Expressed as a set of XML documents, the rules are consulted at run-time to determine whether access to a given resource should be granted or denied. As access control rules can be arbitrary computations, it combines attribute-based access control, role-based access control, policy-based access control, delegated access control, and other approaches. The architecture provides many possibilities to administrators.

See also

References

  1. ^ "DACS: The Distributed Access Control System".
Notes