Authorization and Access Control
Description
Authorization is the function of specifying access rights to resources related to information security and computer security in general and to access control in particular. For example, human resources staff is normally authorized to access employee records and this policy is usually formalized as access control rules in a computer system.
Access control is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using, and permission to access a resource is called authorization.
Authorization and access control are the most important counterparts to Authentication. They define how users are allowed to interact with a system. Whether in custom software or off-the-shelf systems, things are rarely as simple as "once you log in, you can do anything." Black Box implements schemes like Role-based Authorization (RBAC) or customized controls based on characteristics such as access by location or by system.
Why It’s Valuable and How It’s Beneficial
Even when access is controlled through access control lists, the problem of maintaining the authorization data is not trivial, and it often represents a great deal of administrative burden. Providing people with access to systems and information is always a risk, and mistakes can be incredibly costly when they violate the law or your customers’ trust.
What You Purchase and Receive
The Authorization and Access Control service provides you with the following development, reports, documentation, source materials, consulting, and implementations:
- Software development for creating, integrating, or building upon the following technologies: access control, access control lists (ACLs), authorization, Authorization Open Service Interface Definition (OSID), permissions, information security (InfoSec), Payment Card Industry Data Security Standard (PCI DSS), physical security, privilege escalation, and security engineering
- Complete code base containing all design and implementation source code
- Source code used for corresponding unit testing
- Software Verification and Validation Report (SVVR): A report containing the results of the verification and validation testing, which provides a full breakdown of the verified correctness and completion of all core requirements within the corresponding specification and design documentation.
- Software and User Documentation: Written text that accompanies the software, explains how it operates and how it is used, and acts as the user manual for system administrators and support staff.
How Much It Will Cost
The cost of our Authorization and Access Control service is determined based on your deadlines and expectations, and the amount of time and effort necessary to provide the deliverables guaranteed by our service level expectations.
How We Will Work Together
All research materials, information, and documentation will be maintained, compiled, and stored by Programming and Application Services, and directly accessible over secure channels or through Black Box secure systems. Private Black Box accounts are created and assigned to our clients as soon as work begins, providing them with limited access to information and documentation related to ongoing design and development requiring client feedback or input.
Portfolio Showcase
Study Abroad Manager (SAM) is a web-based platform that simplifies and streamlines processes for international exchange offices, study abroad programs, and risk management departments and agencies.
SAM provides genuine flexibility in a secure, highly usable fashion, and will help you build and manage content, forms, applications, and processes specifically for each program. SAM does more than simplify your day-to-day: it adapts to your information and processes. SAM not only streamlines your services, but also allows you to digitally recreate each and every form, process, and account.