User:WikiAuggie/Distributed Access Control System (DACS): Difference between revisions

DACS - The Distributed Access Control System
Original author(s)	Developers at Distributed Systems Software
Developer(s)	Distributed Systems Software
Stable release	1.4.23a / October 16, 2009; 14 years ago
Written in	C with APIs for some other languages
Operating system	FreeBSD, Linux, Sun Solaris
Platform	POSIX
Available in	English
Type	Computer security
License	Modified Sleepycat License
Website	[1]

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Inline

Revision as of 19:15, 21 October 2009

This is a draft article for DACS (Distributed Access Control System).

The Distributed Access Control System (DACS) is a light-weight single sign-on and role-based access control system for web servers and server-based software. Released under an open source license, DACS provides a modular authentication framework that supports an array of common authentication methods and a rule-based authorization engine that can grant or deny access to a resource, named by a URL, based on the identity of the requestor and other contextual information. Administrators can configure DACS to identify users by employing authentication methods and user accounts already available within their organization. The resulting DACS identities will be recognized at all DACS jurisdictions that have been federated.

DACS is primarily used with an Apache web server to provide enhanced access control for web pages, CGI programs and servlets, and other web-based assets, and to federate Apache servers.

In addition to simple web-based APIs, command-line interfaces are also provided to much of the functionality.

Development of DACS began in 2001, with the first open source release made available in 2005.

Authentication

DACS can use any of the following authentication methods and account types:

SSL client certificates

self-issued or managed Information Cards (InfoCards)

two-factor authentication using security tokens or grid-based one-time passwords

Unix passwords

Apache authentication modules and password files

Windows NT LAN Manager (NTLM) accounts

LDAP or Microsoft Active Directory (ADS) accounts

Central Authentication Service (CAS)

HTTP-requests

PAM-based accounts

private username/password databases

imported identities

computed identities

The extensible architecture allows new methods to be introduced.

Authorization

DACS performs access control by evaluating access control rules that are specified by an administrator. Expressed as a set of XML documents, the rules are consulted at run-time to determine whether access to a given resource should be granted or denied.

References

[2.0 Access Control]

[access control and single sign-on for Web services]

[access control: Improve security and make programming easier with an authorization framework]

[Data Infrastructure (SDI)-In-A-Box, a Footprint to Deliver Geospatial Data through Open Source Applications]

External links

DACS project home

DACS at Sourceforge

@@ Line 97: / Line 97: @@
 == See also ==
-* [[Computer_security]]
 * [[Access_control]]
+* [[Computer_security]]
 == References ==
+* [[http://www.site-reference.com/articles/Website-Development/Web-2-0-Access-Control-Part-1.html|Web 2.0 Access Control]]
+* [[http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-11224|Role-based access control and single sign-on for Web services]]
+* [[http://www.ibm.com/developerworks/webservices/library/ws-soa-access.html|Rule-based access control: Improve security and make programming easier with an authorization framework]]
+* [[http://www.foss4g2007.org/presentations/view.php?abstract_id=203|Spatial Data Infrastructure (SDI)-In-A-Box, a Footprint to Deliver Geospatial Data through Open Source Applications]]
 == External links ==