Identity-based security

From Wikipedia, the free encyclopedia

Identity-based security is an approach to controlling access to a digital product or service based on the authenticated identity of an individual. This allows organizations to grant specific users access to a variety of digital services using the same credentials, ensuring an accurate match between what users are entitled to and what they actually receive,[1] while also permitting other access constraints (attributes) such as company, device, location and application type.[2] The identity-based security approach is underpinned by the concept of identity-based access control (IBAC)[3] (or identity-based licensing).[4][5]

NIST defines identity-based security policies as policies "based on the identities and/or attributes of the object (system resource) being accessed and of the subject (user, group of users, process, or device) requesting access."[6]

Advantages of the identity-based security approach include the ability to exercise very fine-grained control over who is allowed to use which services and which functions those users can perform,[7] and device independence, which offers the possibility of enforcing access control policy across a variety of devices, such as smartphones, tablets, and PCs.[8]
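The policy model in the NIST definition above can be sketched as a default-deny check over the authenticated identity, the requested service and function, and attribute constraints. This is an added example, not taken from the cited sources; `Subject`, `Rule`, `is_allowed` and the sample policy are names and data constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Subject:
    """Requester as seen by the enforcement point (hypothetical model)."""
    identity: str
    authenticated: bool
    attributes: dict = field(default_factory=dict)  # e.g. company, device, location


@dataclass
class Rule:
    """Grants one identity specific functions on one service, under constraints."""
    identity: str
    service: str
    functions: set
    constraints: dict = field(default_factory=dict)  # attribute name -> allowed values

    def permits(self, subject, service, function):
        if subject.identity != self.identity or service != self.service:
            return False
        if function not in self.functions:
            return False
        # Each constrained attribute must be present with an allowed value;
        # a missing attribute fails closed. Unconstrained attributes are ignored.
        return all(subject.attributes.get(name) in allowed
                   for name, allowed in self.constraints.items())


def is_allowed(policy, subject, service, function):
    """Default deny: access needs an authenticated identity and a matching rule."""
    if not subject.authenticated:
        return False
    return any(rule.permits(subject, service, function) for rule in policy)


# Constructed sample policy: per-user, per-function grants on a "reports" service.
POLICY = [
    Rule("alice", "reports", {"read", "export"},
         {"company": {"example-corp"}, "location": {"DE", "FR"}}),
    Rule("bob", "reports", {"read"}),
]

if __name__ == "__main__":
    alice_phone = Subject("alice", True, {"company": "example-corp",
                                          "location": "DE", "device": "smartphone"})
    print(is_allowed(POLICY, alice_phone, "reports", "export"))
    print(is_allowed(POLICY, Subject("bob", True), "reports", "export"))
```

Because the sample rules place no constraint on `device`, the same identity receives the same decision from a smartphone or a PC, while a missing or disallowed `location` is denied.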

References

  1. "Identity and Access Management: Pillars for effective Personalisation" (PDF). 2016-02-08. Archived (PDF) from the original on 2017-07-05. Retrieved 2017-11-14.
  2. Linthicum, David (2014). "Analyst Report: Identity-based security and the cloud". Gigaom. Archived from the original on 2016-06-24. Retrieved 2017-11-14.
  3. "Glossary: Identity-Based Access Control". Computer Security Resource Center. NIST. Retrieved 2017-11-14.
  4. "What is identity-based licensing?". 2016-02-02. Archived from the original on 2017-11-14. Retrieved 2017-11-14.
  5. "Adobe Flash Media Rights Management Server 1.0 Overview for Microsoft Windows, Linux, and UNIX" (PDF). Workflows - Identity-based licensing. Adobe Systems. 2008-05-01. Archived (PDF) from the original on 2017-08-29. Retrieved 2017-11-14.
  6. Stoneburner, Gary (December 2001). "SP 800-33 - Underlying Technical Models for Information Technology Security". NIST Computer Security Publications - NIST Special Publications (SPs). p. 21. doi:10.6028/NIST.SP.800-33. Retrieved 4 April 2017.
  7. Enrico, Sabbadin (2003-12-23). ".NET Identity and Principal Objects". informIT. Pearson Education. Archived from the original on 2017-11-14. Retrieved 2017-11-14.
  8. Powell, James E. (2012-07-16). "Q&A: Addressing BYOD with Identity-Based Security". Enterprise Systems Journal. Archived from the original on 2017-11-14. Retrieved 2017-11-14.