Friday, August 18, 2006

The PAC-LAC Connection

Nishant had blogged about the convergence of Physical and Logical access control a while back, and with the number of things coming out of the US Government, I can assure you that this will be a major concern going forward. The activist stunt (my perception) pulled by the fruitcake in VT, Catherine C. Mayo, will certainly help justify the need for identity and access control to be very tightly coupled. Anywhooooo….

So I have been working a lot in two areas recently: HSPD-12 and CIP 001-009 (NERC Critical Infrastructure Protection). Both of these major initiatives signal, I believe, the inevitability of Physical Access Control (PAC) and Logical Access Control (LAC) combining to ultimately be able to enforce access policy to physical structures and data.

The interesting part of this will be protecting privacy while removing anonymity from access.

I would hope that the relatively new identity-based access control solutions will be considered, for several reasons: a person’s identity can be bound to a physical avatar (think smart card/badge) that enables a user to pass credentials to a machine/system, which, it could be argued, will help protect privacy. It’s a physical-object-to-physical-object transaction (card to reader). That avatar can then be used for Logical (network) Access Control, since a card reader will be bound to a person’s workstation, and now you have a physical-to-virtual transaction. Then it’s all virtual from there.

The next question would be - how can we emulate a physical avatar in a virtual world?

One answer is - user and machine identity. Bind the avatar and the user to the device used to operate in the virtual world.

I can’t use my lawnmower to traverse networks, nor can I use my computer to mow my lawn (boy would that be great though). The point here is I want to be able to associate the components of my identity (lawnmower riding skills) with the tools (lawnmower) required by the environment I am in (uncut lawn). Maybe it’s not the best example, but you’ll know where to find me this weekend.

So what I have been working on is telling and showing people that the PAC-LAC bridge exists today. It’s not obvious, but boy is it powerful…

