Distributed Access Control System (DACS) is a light-weight single sign-on and attribute-based access control system for web servers and server-based software. DACS is primarily used with Apache web servers to provide enhanced access control for web pages, CGI programs and servlets, and other web-based assets, and to federate Apache servers.
Released under an open-source license, DACS provides a modular authentication framework that supports an array of common authentication methods and a rule-based authorization engine that can grant or deny access to resources, named by URLs, based on the identity of the requestor and other contextual information. Administrators can configure DACS to identify users by employing authentication methods and user accounts already available within their organization. The resulting DACS identities are recognized at all DACS jurisdictions that have been federated.
In addition to simple web-based APIs, command-line interfaces are also provided to much of the functionality. Most web-based APIs can return XML or JSON documents.
Development of DACS began in 2001, with the first open source release made available in 2005.
Authentication
DACS can use any of the following authentication methods and account types:
* X.509 client certificates via SSL/TLS
* self-issued or managed Information Cards (InfoCards) (deprecated)
* two-factor authentication
* counter-based, time-based, or grid-based one-time passwords, including security tokens
* Unix-like systems' password-based accounts
* Apache authentication modules and their password files
* Windows NT LAN Manager (NTLM) accounts
* LDAP or Microsoft Active Directory (ADS) accounts
* RADIUS accounts
* Central Authentication Service (CAS)
* HTTP requests (e.g., Google ClientLogin)
* PAM-based accounts
* private username/password databases with salted password hashing using SHA-1, SHA-2, or SHA-3 functions, PBKDF2, or scrypt
* imported identities
* computed identities
The extensible architecture allows new methods to be introduced.
The DACS distribution includes various cryptographic functionality, such as message digests, HMACs, symmetric and public key encryption, ciphers (ChaCha20 and those provided by OpenSSL), digital signatures, key derivation functions (HKDF and the password-based PBKDF2), and memory-hard key derivation functions (scrypt, Argon2), much of which is available from a simple scripting language.
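The private password database item in the list above and the key derivation functions mentioned here both come down to the same practice: store a per-user random salt together with a slow or memory-hard hash, and verify by recomputing. The following is an added example written for this page in Python's standard library, not code from DACS or its scripting language; the record format, the cost parameters, and the function names are assumptions made here.

```python
import hashlib
import hmac
import os
from typing import Optional

# Cost parameters are assumptions for this example, not DACS defaults.
PBKDF2_ITERATIONS = 600_000
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
KEY_LEN = 32


def hash_password(password: str, scheme: str = "scrypt", salt: Optional[bytes] = None) -> str:
    """Return a self-describing record of the form $scheme$params$salt_hex$hash_hex.

    A fresh random salt per user defeats precomputed tables and makes equal
    passwords hash differently; storing the cost parameters beside the hash
    lets them be raised later without invalidating existing records.
    """
    salt = os.urandom(16) if salt is None else salt
    pw = password.encode("utf-8")
    if scheme == "pbkdf2-sha256":
        dk = hashlib.pbkdf2_hmac("sha256", pw, salt, PBKDF2_ITERATIONS, dklen=KEY_LEN)
        params = str(PBKDF2_ITERATIONS)
    elif scheme == "scrypt":
        dk = hashlib.scrypt(pw, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
        params = f"{SCRYPT_N},{SCRYPT_R},{SCRYPT_P}"
    else:
        raise ValueError(f"unsupported scheme {scheme!r}")
    return f"${scheme}${params}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the parameters stored in the record and compare in constant time."""
    try:
        _, scheme, params, salt_hex, dk_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        pw = password.encode("utf-8")
        if scheme == "pbkdf2-sha256":
            dk = hashlib.pbkdf2_hmac("sha256", pw, salt, int(params), dklen=len(expected))
        elif scheme == "scrypt":
            n, r, p = (int(x) for x in params.split(","))
            dk = hashlib.scrypt(pw, salt=salt, n=n, r=r, p=p, dklen=len(expected))
        else:
            return False  # unknown scheme: fail closed
    except ValueError:
        return False  # malformed record: fail closed
    # compare_digest avoids leaking, through timing, how many leading bytes matched.
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec))  # True
    print(verify_password("Tr0ub4dor&3", rec))                   # False
```

A single salted SHA-1/SHA-2/SHA-3 digest, which the list above says DACS also supports, is cheap enough that an attacker with a copy of the database can test billions of guesses per second on commodity hardware; PBKDF2 with a high iteration count, and especially the memory-hard scrypt, are the options to prefer when a private password database must be used.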
DACS can also act as an Identity Provider for InfoCards and function as a Relying Party, although this functionality is deprecated.
Authorization
DACS performs access control by evaluating access control rules specified by an administrator. Expressed as a set of XML documents, the rules are consulted at run-time to determine whether access to a given resource should be granted or denied. Because access control rules can be arbitrary computations, DACS combines attribute-based access control, role-based access control, policy-based access control, delegated access control, and other approaches, giving administrators considerable latitude in how policy is expressed.
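To make the mechanism concrete, here is an added example of a small rule engine of the kind described above, written for this page in Python. It is not DACS code and does not use DACS's own rule syntax: the XML form, the predicate language, the attribute names (role, jurisdiction, mfa) and the sample policy are all assumptions made here. Rules are matched by URL pattern, and each predicate is interpreted over a whitelisted subset of expression syntax rather than passed to eval(), so a policy author gets attribute-, role- and context-based conditions without getting code execution in the server.

```python
import ast
import fnmatch
import operator
import xml.etree.ElementTree as ET
from typing import Any, Callable, Dict

# Constructed sample policy in an illustrative XML form (not DACS's rule syntax).
# Attribute names role, jurisdiction and mfa are assumptions for this example.
POLICY_XML = """
<policy default="deny">
  <rule resource="/reports/*">
    <allow>role == "analyst" and jurisdiction in ("HQ", "LAB")</allow>
  </rule>
  <rule resource="/reports/export/*">
    <deny>not mfa</deny>
    <allow>role in ("analyst", "auditor")</allow>
  </rule>
  <rule resource="/admin/*">
    <allow>role == "admin" and mfa</allow>
  </rule>
</policy>
"""

_COMPARE: Dict[type, Callable[[Any, Any], bool]] = {
    ast.Eq: operator.eq, ast.NotEq: operator.ne,
    ast.Lt: operator.lt, ast.LtE: operator.le,
    ast.Gt: operator.gt, ast.GtE: operator.ge,
    ast.In: lambda a, b: a in b, ast.NotIn: lambda a, b: a not in b,
}


def evaluate(expr: str, attrs: Dict[str, Any]) -> bool:
    """Evaluate a rule predicate over identity attributes.

    Only names, literals, tuples, comparisons and and/or/not are interpreted;
    any other construct (calls, attribute access, subscripts) raises ValueError.
    """
    def ev(node: ast.AST) -> Any:
        if isinstance(node, ast.Expression):
            return ev(node.body)
        if isinstance(node, ast.Constant):
            return node.value
        if isinstance(node, ast.Name):
            if node.id not in attrs:
                raise KeyError(f"unknown attribute {node.id!r}")
            return attrs[node.id]
        if isinstance(node, ast.Tuple):
            return tuple(ev(e) for e in node.elts)
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
            return not ev(node.operand)
        if isinstance(node, ast.BoolOp):
            values = (ev(v) for v in node.values)
            return all(values) if isinstance(node.op, ast.And) else any(values)
        if isinstance(node, ast.Compare):
            left = ev(node.left)
            for op, comparator in zip(node.ops, node.comparators):
                fn = _COMPARE.get(type(op))
                if fn is None:
                    raise ValueError(f"disallowed operator {type(op).__name__}")
                right = ev(comparator)
                if not fn(left, right):
                    return False
                left = right
            return True
        raise ValueError(f"disallowed construct {type(node).__name__}")

    return bool(ev(ast.parse(expr, mode="eval")))


def decide(policy_xml: str, url_path: str, attrs: Dict[str, Any]) -> str:
    """Return "allow" or "deny" for url_path given the requester's attributes.

    The most specific (longest) matching resource pattern wins; within it, deny
    predicates are checked before allow predicates. Errors fail closed.
    """
    root = ET.fromstring(policy_xml)
    matching = [r for r in root.findall("rule")
                if fnmatch.fnmatchcase(url_path, r.get("resource", ""))]
    if not matching:
        return root.get("default", "deny")
    rule = max(matching, key=lambda r: len(r.get("resource", "")))
    try:
        if any(evaluate(d.text or "", attrs) for d in rule.findall("deny")):
            return "deny"
        if any(evaluate(a.text or "", attrs) for a in rule.findall("allow")):
            return "allow"
    except (KeyError, ValueError, SyntaxError):
        return "deny"  # malformed rule or missing attribute: fail closed
    return "deny"


if __name__ == "__main__":
    analyst = {"role": "analyst", "jurisdiction": "HQ", "mfa": False}
    print(decide(POLICY_XML, "/reports/q1.html", analyst))        # allow
    print(decide(POLICY_XML, "/reports/export/q1.csv", analyst))  # deny
```

Two design choices matter more than the syntax: a request that matches no rule, references an attribute the identity does not carry, or hits a rule the engine cannot parse is denied rather than allowed, and deny predicates are evaluated before allow predicates so a blanket restriction (here, no export without a second factor) cannot be undone by a broader allow.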
See also
* Access control
* Computer security