Your Web News in One Place

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
March 28, 2022 03:32 pm GMT

RBAC and CapBAC in IoT

Introduction

Identity access and management (IAM) is an integral part of a security strategy in modern enterprise. By ensuring only the right people can access specific systems and data, IAM helps limit your organizations exposure and reduce risk.

What is RBAC?

Many IAM systems use a method called role-based access control (RBAC) to assign permissions for who can do what within specific IT resources like applications, depending on the organizations structure and the users responsibilities.

RBAC allows you to create and enforce advanced access by assigning a set of permissions. The permissions are based on what level of access specific user categories require to perform their duties. In other words, different people in your company can have completely different levels and types of access privileges based solely on factors such as their job function and responsibilities.

Image description

For example, Human Resources employees could view employee records but not customer data. And an HR manager could delete or change HR records while a lower-level HR specialist would only be able to view them. When an individuals responsibilities or functions changefor example, due to a promotion or department transferthat person is assigned to the new role in the RBAC system.

Image description

What is CapBAC?

Capability-based access control (CapBAC) is a concept in the design of secure computing systems, one of the existing security models. A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights.

Image description
A user program on a capability-based operating system must use a capability to access an object. CapBAC refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and to the operating system infrastructure necessary to make such transactions efficient and secure.

Reference

https://www.sailpoint.com/identity-library/what-is-role-based-access-control/?elqct=PaidMedia&elqchannel=GoogleSearch&elqcta=Cj0KCQjw0PWRBhDKARIsAPKHFGiIojv3R5R-KqsfoyGHarhPZpOtzpZwT-mdGLNdcv_ntTD7E0Wnx98aArE3EALw_wcB&gclid=Cj0KCQjw0PWRBhDKARIsAPKHFGiIojv3R5R-KqsfoyGHarhPZpOtzpZwT-mdGLNdcv_ntTD7E0Wnx98aArE3EALw_wcB

https://en.wikipedia.org/wiki/Capability-based_security

https://version-2.com.sg/2021/12/what-is-role-based-access-control/

https://link.springer.com/article/10.1007/s12243-019-00709-7

https://www.bettercloud.com/monitor/the-fundamentals-of-role-based-access-control/


Original Link: https://dev.to/yongchanghe/rbac-and-capbac-in-iot-37f3

Share this article:    Share on Facebook
View Full Article

Dev To

An online community for sharing and discovering great ideas, having debates, and making friends

More About this Source Visit Dev To