Fri Sep 19 05:52:25 PDT 2014

Control Architecture: Access facilitation: How is access facilitated once identity is adequately established?


{Unified, Consolidated, Independent} x
{access, tracking, use control} x across
{enterprises, zones, subzones, applications, mechanisms} x at
{low, medium, high} granularity.


Unified: All of the access mechanisms are federated, aggregated, or otherwise composed into a unified access mechanism that deals with all access seamlessly.

Consolidated: Various groups of access mechanisms are composed to form islands of mechanisms, possibly with limited interactions for efficiency, but not in a unified manner.

Independent: Mechanisms for access are independent of each other and control over those mechanisms is highly localized.

access: the granting of capabilities to examine, modify, delete, add to, or otherwise apply content to gain utility.

tracking: the capacity to associate actions with actors and content with storage, processing, and transport.

use control: the ability to control who and what does what with what and for what purposes.

across enterprises: as in between business units and with other business units across all boundaries, treating everything as if it were all part of one thing.

across zones: these are the major areas within an enterprise as defined for grouping content, mechanisms, people, and devices, typically based on common communications requirements.

across subzones: these are separation mechanisms within zones used to keep things apart, either to limit risk aggregation or to meet logical, regulatory, contractual, or other similar grouping requirements.

across applications: these go between applications, or from and between user systems, servers, application platforms, databases, and storage.

across mechanisms: these go across control mechanisms, boundaries, devices, storage media, and other physical and logical functional units.

at low granularity: at the granularity of application sets, whole databases, whole systems, or larger units, and in consolidated periods of time or volumes of flows.

at medium granularity: at the level of applications, files, parts of systems, programs, and database tables and to the granularity of seconds or less, numbers of records per unit time, and similar flow levels.

at high granularity: at the level of individual users, routines within programs, URLs within a server, options within applications, and individual datum within databases and to the maximum granularity of the available time standards and data units.

Copyright(c) Fred Cohen, 1988-2012 - All Rights Reserved