Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Distributed Access Control System
open-in-new
<h2 id="authentication">Authentication</h2> <p>DACS can use any of the following authentication methods and account types: </p> <ul><li><a href="/facts/X.509/rs0JuYDd">X.509</a> client certificates via <a href="/facts/Transport_Layer_Security/pGy16TnA">SSL</a></li> <li>self-issued or managed <a href="/facts/Information_Card/PbMt5aH7">Information Cards (InfoCards)</a> (deprecated)</li> <li><a href="/facts/Two-factor_authentication/186gpx8R">two-factor authentication</a></li> <li><a href="/facts/OpenID_Connect/Vpx5mbcV">OpenID Connect (OIDC)</a> Relying Party</li> <li><a href="/facts/HOTP/pd25nUTw">Counter-based</a>, <a href="/facts/Time-based_One-time_Password_Algorithm/C2SCYbGe">time-based</a>, or grid-based <a href="/facts/One-time_password/4u0a4vgk">one-time passwords</a>, including <a href="/facts/Security_token/0V55fErB">security tokens</a></li> <li><a href="/facts/Unix-like/YAKrAxzd">Unix-like</a> systems' <a href="/facts/Passwd_(database)/0na2Sv4D">password</a>-based accounts</li> <li><a href="https://httpd.apache.org/docs/2.2/howto/auth.html">Apache authentication modules</a> and their password files</li> <li><a href="/facts/NTLM/R6H8vAFL">Windows NT LAN Manager (NTLM)</a> accounts</li> <li><a href="/facts/Lightweight_Directory_Access_Protocol/KgpfD8nR">LDAP</a> or <a href="/facts/Active_directory/VWd9HhjU">Microsoft Active Directory (ADS)</a> accounts</li> <li><a href="/facts/RADIUS/9Gr9deYD">RADIUS</a> accounts</li> <li><a href="/facts/Central_Authentication_Service/29qQ65Tu">Central Authentication Service (CAS)</a></li> <li><a href="/facts/Hypertext_Transfer_Protocol/TWtvf7JD">HTTP</a>-requests (e.g., Google ClientLogin)</li> <li><a href="/facts/Pluggable_Authentication_Modules/g8lhxyUk">PAM</a>-based accounts</li> <li>private username/password databases with salted password hashing using <a href="/facts/SHA-1/LDYCV1je">SHA-1</a>, <a href="/facts/SHA-2/P59oPeGq">SHA-2</a>, or <a href="/facts/SHA-3/bA3BCp7K">SHA-3</a> functions, <a href="/facts/PBKDF2/nIq55BCh">PBKDF2</a>, or <a href="/facts/Scrypt/StlAggdS">scrypt</a></li> <li>imported identities</li> <li>computed identities</li></ul> <p>The extensible architecture allows new methods to be introduced. </p><p>The DACS distribution includes various cryptographic functionality, such as <a href="/facts/Cryptographic_hash_function/cuxkgbST">message digests</a>, <a href="/facts/HMAC/Qy9WD4V9">HMACs</a>, <a href="/facts/Encryption/16q29Fdv">symmetric and public key encryption</a>, ciphers (<a href="/facts/ChaCha20/gQjhIf2M">ChaCha20</a>, <a href="/facts/OpenSSL/aXvs5fo2">OpenSSL</a>), <a href="/facts/Digital_signatures/tY7e2pnW">digital signatures</a>, password-based key derivation functions (<a href="/facts/HKDF/KroJnqnf">HKDF</a>, <a href="/facts/PBKDF2/nIq55BCh">PBKDF2</a>), and memory-hard key derivation functions (<a href="/facts/Scrypt/StlAggdS">scrypt</a>, <a href="/facts/Argon2/8sAkGSch">Argon2</a>), much of which is available from a simple scripting language. </p><p>DACS can also act as an Identity Provider for InfoCards and function as a Relying Party, although this functionality is deprecated. </p> <h2 id="authorization">Authorization</h2> <p>DACS performs access control by evaluating access control rules that are specified by an administrator. Expressed as a set of <a href="/facts/XML/clNgUfWk">XML</a> documents, the rules are consulted at <a href="/facts/Run_time_(program_lifecycle_phase)/lCxKsrzB">run-time</a> to determine whether access to a given resource should be granted or denied. As access control rules can be arbitrary computations, it combines attribute-based access control, role-based access control, policy-based access control, delegated access control, and other approaches. The architecture provides many possibilities to administrators. </p> <h2 id="see-also">See also</h2> <ul> <li>Free and open-source software portal</li></ul> <ul><li><a href="/facts/Access_control/08zE5Pz8">Access control</a></li> <li><a href="/facts/Computer_security/7E5dIy7G">Computer security</a></li></ul> Notes <ul><li>R. Morrison, <a href="http://www.site-reference.com/articles/Website-Development/Web-2-0-Access-Control-Part-1.html">"Web 2.0 Access Control"</a>, 2007.</li> <li>J. Falkcrona, <a href="http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-11224">"Role-based access control and single sign-on for Web services"</a>, 2008.</li> <li>B. Brachman, <a href="http://www.ibm.com/developerworks/webservices/library/ws-soa-access.html">"Rule-based access control: Improve security and make programming easier with an authorization framework"</a>, 2006.</li> <li>A. Peeke-Vout, B. Low, <a href="https://archive.today/20130414191213/http://www.foss4g2007.org/presentations/view.php?abstract_id=203">"Spatial Data Infrastructure (SDI)-In-A-Box, a Footprint to Deliver Geospatial Data through Open Source Applications"</a>, 2007.</li></ul> <h2 id="external-links">External links</h2> <ul><li><a href="https://dacs.dss.ca">Official website</a></li> <li><a href="https://sourceforge.net/projects/dacs/">Distributed Access Control System</a> on <a href="/facts/SourceForge/lxYAgUAX">SourceForge</a></li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>"DACS: The Distributed Access Control System". <a href="https://dacs.dss.ca" target="_blank">https://dacs.dss.ca</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> </ol>