Section 3.9. Authentication, Authorization, and Accounting



AAA is a convenient acronym for authentication (proving who someone is), authorization (deciding who is permitted to do what), and accounting (keeping a record of what happened). AAA is important for all of the tools in this book, but perhaps SCM tools and bug tracking systems depend on it the most. Effective AAA depends on a good understanding of security issues and often uses cryptographic techniques and tools to enforce the chosen policies.

For some environments, strong AAA is a crucial requirement. In the same way that laboratory notebooks can be used as evidence, the output from some SCM tools has become evidence in cases such as the SCO debacle and other corporate patent wranglings. Accounting data for the U.S. Sarbanes-Oxley Act may be related to the information stored by an environment's tools. The FAA (Federal Aviation Authority) requires storage of the software used in its systems for at least 25 years.

Even the smallest companies and projects want to be confident that no one has added a "back door" to their product, either to get around paying for licenses or for other, more malicious purposes, such as spreading computer viruses and other malware. To avoid this, changes to a project should be made only by the people who have been both authenticated and authorized to make them. Finally, the changes themselves need to be auditable.
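The following is an added example, not code from the book: a minimal change-acceptance gate that applies all three steps to a submitted change. The user names, keys, path prefixes, and function names are hypothetical, and the shared-key HMAC stands in for whatever authentication mechanism a real SCM tool uses.

```python
import hashlib, hmac, json, posixpath

# Constructed demo data (assumptions): per-user MAC keys and writable path prefixes.
USER_KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}
WRITE_ACL = {"alice": ("src/", "docs/"), "bob": ("docs/",)}
ZERO = "0" * 64

def sign_change(user, path, diff, key):
    """Client side: MAC that binds the user to this exact change."""
    msg = json.dumps([user, path, diff]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def authenticate(user, path, diff, tag):
    key = USER_KEYS.get(user)
    return key is not None and hmac.compare_digest(sign_change(user, path, diff, key), tag)

def authorize(user, path):
    # Normalize first so "docs/../src/x" is judged as "src/x".
    norm = posixpath.normpath(path)
    return any(norm.startswith(p) for p in WRITE_ACL.get(user, ()))

def entry_hash(prev, record):
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

class AuditLog:
    """Accounting: append-only log, each entry chained to the previous hash."""
    def __init__(self):
        self.entries = []
    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else ZERO
        self.entries.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})
    def verify(self):
        prev = ZERO
        for e in self.entries:
            if e["prev"] != prev or entry_hash(prev, e["record"]) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def submit_change(log, user, path, diff, tag):
    """Gate a change; every attempt is logged, including rejected ones."""
    if not authenticate(user, path, diff, tag):
        decision = "rejected: authentication failed"
    elif not authorize(user, path):
        decision = "rejected: not authorized"
    else:
        decision = "accepted"
    log.append({"user": user, "path": path, "decision": decision,
                "diff_sha256": hashlib.sha256(diff.encode()).hexdigest()})
    return decision
```

Because each log entry includes the hash of the one before it, editing an earlier record after the fact makes `verify()` fail, which is what makes the record usable for audit.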



Practical Development Environments
ISBN: 0596007965
EAN: 2147483647
Year: 2004
Pages: 150
