When a secure channel is set up between a client and a server, the client can issue requests to the server.
A request can be carried out only if the client has sufficient access rights for that invocation.
Verifying access rights is called access control, while authorization is the process of granting access rights.
- An object may be an abstract entity such as a process, file, database, semaphore, or tree data structure, or a physical entity such as a CPU, memory segment, printer, tape drive, or network site.
- Each object has a unique name that differentiates it from others in the system, and it is referenced by this unique name.
- Each object is associated with a type that determines the operations that can be performed on it.
- Subjects are processes that act on behalf of users, or they could be objects that need the services of other objects to carry out their tasks.
A subject, in other words, is an active entity whose access to objects needs to be controlled.
- The entities that need to access and perform operations on objects, and to which access authorizations are granted, are called subjects.
- Protection rules define the possible ways in which subjects and objects are allowed to interact.
- Associated with a subject-object pair is an access right that defines the subset of possible operations for the object type that the subject can perform on that object.
- The complete set of access rights defines which subjects can perform what operations on which objects.
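The model above can be sketched as an access matrix. This is an added example, not code from the original page; the object types, operation names, subjects and object names (`TYPE_OPS`, `alice`, `lp0`, `pid-41`, and so on) are constructed assumptions for illustration.

```python
# Operations each object type supports (constructed sample types).
TYPE_OPS = {
    "file": {"read", "write", "execute"},
    "printer": {"print"},
    "process": {"signal", "suspend"},
}

class AccessMatrix:
    """Access rights keyed by (subject, object name); a missing entry means no access."""

    def __init__(self):
        self.objects = {}  # unique object name -> object type
        self.rights = {}   # (subject, object name) -> set of permitted operations

    def add_object(self, name, obj_type):
        if name in self.objects:
            raise ValueError(f"object name {name!r} is not unique")
        if obj_type not in TYPE_OPS:
            raise ValueError(f"unknown object type {obj_type!r}")
        self.objects[name] = obj_type

    def grant(self, subject, obj, ops):
        """Authorization: grant rights, limited to operations the object's type defines."""
        ops = set(ops)
        invalid = ops - TYPE_OPS[self.objects[obj]]
        if invalid:
            raise ValueError(f"{sorted(invalid)} not defined for type {self.objects[obj]!r}")
        self.rights.setdefault((subject, obj), set()).update(ops)

    def check(self, subject, obj, op):
        """Access control: verify the right at request time; deny by default."""
        return op in self.rights.get((subject, obj), set())

def demo():
    m = AccessMatrix()
    m.add_object("/etc/report.txt", "file")
    m.add_object("lp0", "printer")
    m.add_object("pid-41", "process")        # a process is an object here...
    m.grant("alice", "/etc/report.txt", {"read", "write"})
    m.grant("pid-41", "lp0", {"print"})      # ...and a subject here
    m.grant("alice", "pid-41", {"suspend"})
    return m
```

The set of all entries in `rights` is the complete set of access rights: it states which subjects can perform what operations on which objects, and any pair without an entry is denied.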