Talk:Access control/Archives/2014

Overall comments
The way this article is structured now, it would make sense to split it into two (physical security and computer security). However, I think it would be better if the document were re-organized by someone familiar with both the physical and computer side of things... it would be easy to present a more holistic vision by defining key concepts (like "credentials") first, then delving into the aspects/history of physical vs. computer access control. --Scouttle (talk) 07:25, 26 February 2008 (UTC)

The information about Wiegand is wrong, as Wiegand is a standard for communication of card identification, not a physical type of access cards. —Preceding unsigned comment added by 213.160.245.172 (talk) 13:50, 21 November 2008 (UTC)

The negative comment about Wiegand is not true. Wiegand cards and readers do exist and in fact precede proximity (RFID) readers, which adopted the interface. See: http://en.wikipedia.org/wiki/John_R._Wiegand Wiegand cards use a special type of buried wire in the card. These buried wires are arranged into two rows representing Data Line 1 (D1) and Data Line 0 (D0). The wires are stamped out to remove unwanted bits to leave a binary representation of the card number. The Wiegand card reader uses a pair of coils with biasing magnets to detect the passing buried wires as the card is swiped. The coils then generate pulses as the wires pass between the coil and magnet. RFID readers later adopted this “D1 D0” Wiegand interface to allow them to be used with legacy systems. Some RFID readers also emulate the “Clock & Data” interface, which came originally from the magstripe readers. —Preceding unsigned comment added by Iancbend (talk • contribs) 21:14, 3 May 2010 (UTC)

see: http://en.wikipedia.org/wiki/John_R._Wiegand Iancbend (talk) 21:40, 3 May 2010 (UTC)

Physical Security
It looks like this section was partially written or lifted from a company website. Should be re-organized by someone with domain knowledge who can offer a good overview of physical security history and works. --Scouttle (talk) 07:25, 26 February 2008 (UTC)

Computer Security
This section needs expansion and updating. Given that MAC, DAC, and RBAC all have their own pages, want to make sure information here is clear and brief: want to help people understand the differences between the schemes, and what (fundamental principles of access control) they have in common.

Also, either need more under "Access Control Software" or need to delete the heading.

Finally, MAC, DAC, and RBAC are not the only access control schemes out there. Should at least provide external links to other resources with information about newer schemes that exist in the research space. --Scouttle (talk) 07:25, 26 February 2008 (UTC)

The phrases about MAC are a bit strange. It refers to labels, which is an aspect of some multi-level systems. In MAC, objects get a (security) classification, and users get a (security) clearance - for objects of a certain classification. These two terms (clearance and classification) should be mentioned. Marnixdekker (talk) 21:19, 12 July 2009 (UTC)

Removed redundancy
I removed the following text from the DAC section, since it's redundant with stuff earlier in the article. Perhaps the description of RBAC should go into the later RBAC section:

Discretionary access controls can be applied through techniques such as the following:


 * Access control lists (ACLs) name the specific rights and permissions that are assigned to a subject for a given object. Access control lists provide a flexible method for applying discretionary access controls.
 * Capability-based access control makes individual permission-granting tokens available to subjects for access to objects, providing for the possibility of satisfying the Principle of least privilege. Capability access control also provides for dynamically communicating such permissions in messages.
 * Role-Based Access Control assigns group membership based on organizational or functional roles. This strategy greatly simplifies the management of access rights and permissions:

Access rights and permissions for objects are assigned to any group or, in addition, to individuals. Individuals may belong to one or many groups. Individuals can be designated to acquire cumulative permissions (every permission of any group they are in) or disqualified from any permission that isn't part of every group they are in.

--DavidHopwood 16:37, 22 January 2007 (UTC)

Telecommunication and Public Policy sections
Need to either be integrated into one of the previous two sections, or offer more information and references to help understand why these kinds of access control are distinct.

--Scouttle (talk) 07:25, 26 February 2008 (UTC)

Questionable Content
A section for devices that are accessed serially should include all such devices. Every type of device mentioned is a serial device. Categorizing a device as serial distinguishes it from a device that is accessed via a parallel interface. Truth is this categorization is probably not the best. If one believes there is merit to identifying the way they interface with surrounding hardware (as opposed to the type of resource they are used to control access to) identifying the protocol used such as RS-232, ARINC, RS-422, IEEE xyz, etc. is a more appropriate hierarchy.

Under references the Shon Harris text is referenced. It should be removed because it is not referenced. Removing is causing an error I don't understand, so I reverted a change I'd made, to put it back in. Hopefully a more experienced WP editor will remove it and use the citation that belongs here (if there is one). Contact me via WP email please, if this doesn't make sense to you.

Kernel.package (talk) 01:17, 19 September 2011 (UTC)

This article has provided a comprehensive introduction to Access Control. Also, it covers most aspects of Access Control. However, in my opinion, it would be more beneficial if it provided different methods of classification of Access Control models. The current introduction of models of Access Control is a little bit confusing. According to my research, there are two main categories: Discretionary Access Control Models (DAC), which are also called identity-based access control (IBAC), and Mandatory Access Control Models (MAC), which are occasionally called rule-based access control. On the basis of these two models, there are some other models: the Chinese Wall Model, which combines elements of DAC and MAC; role-based access control (it is a DAC model); the Biba Model, which is related to integrity; and the information-flow model (generalizes the ideas underlying MAC). All these models could be presented briefly in the following parts. This introduction is clearer for people who are computer starters. Thanks. Fan Zhang-IHC (talk) 13:00, 31 March 2013 (UTC)

Hi, here is a brief history of Physical Security. Traditionally the term ‘physical security’ has been used to describe protection of material assets from fire, water damage, theft, or similar perils. Securing someone's property has long been a concern of people throughout the world. Beyond hiding the objects or constantly guarding them, the frequently used option is to secure them with a device. Early solutions included knots to either detect, like the Thief knot, or hamper, like the Gordian Knot. Historians are unsure where the first lock was invented, but evidence suggests that locks initially developed independently in the Egyptian, Greek, Chinese and Roman civilizations. The ancient Egyptian lock was dated to be about 4000 years old. The earliest known key-based lock was built during the Assyrian Empire in Khorsabad near Nineveh about 704 BC. It used the same pin tumbler principle employed by many modern locks. Lever tumbler locks were invented in Europe in the 17th century. In the 1970s, with the development of micro-electronics techniques, magnetic locks, voice control locks and other modern locks were created. However, recent concerns in computer security have caused physical security to take on a new meaning: technologies used to safeguard information against physical attack.

Phillips, Bill (2005). The Complete Book of Locks and Locksmithing. Chicago: McGraw-Hill Professional. ISBN 0-07-144829-2. Pulford 2007, p. 317

Fan Zhang-IHC (talk) 13:10, 14 April 2013 (UTC)

Peer Review about Access Control Policy
Hi, Fan Zhang-IHC. As part of assignment requirements, I am responsible for peer reviewing your Wikipedia article.

After checking your edits to the article, I can see your editing is focused on access control policy.

It is well structured and lists three main points. But you may follow the previous content format and use a bulleted list or numbered list style to make the format more consistent.

Since your editing is mainly about access control policy, I think it is good to place the policy part close to the model part in the article. But I checked section 2.5 Access control models; is there some redundancy in the structure with your content? Or is there just some introduction missing between these two parts?

Here are some references about access control policy: http://spdp.di.unimi.it/papers/sam-fosad.pdf https://umshare.miami.edu/web/wda/fm/facilities-administration/AccessControl/ACPolicyandProcedures.pdf Hope it could be of some help.

And the "Role-Based Policies" part is specific to the Orange Book of the U.S. Department of Defense. I think it should be interpreted in a more common usage.

Yingping Xu (talk) 11:11, 19 May 2013 (UTC)

Feedback on Public Policy
Hi Fan, the idea of adding policies in this wiki page is great. It is very well structured, with the main points in bold and italic. The points are clear and use neutral language. Maybe you can try to look for some more references to expand your ideas on these policies. After reading your part, I think you can make your part under a new title such as “Common policies in computer system” instead of under “Public policy”. Also, try to make the term that has an article in wiki into  if have any in your part. The last sentence seems not finished, please double check. — Preceding unsigned comment added by ChaoDOU (talk • contribs) 11:58, 19 May 2013 (UTC)

Re: Suggested split
I've removed the 'suggested split' template from the article because there seems to be no discussion or ...erm ...suggestion here. In any case, the article is very largely unsourced and therefore not in a fit state to split. If there is proof found that the subject justifies such a lengthy article, maybe the split can be put back on the agenda. Sionk (talk) 19:26, 2 June 2014 (UTC)