Chapter 11
In the previous chapter, we focused on the Microsoft Windows implementation of access control. Access control in Windows is user-based, allowing system administrators and security programmers to control who can access objects in the system to a very fine granularity. For this control to work, the system must maintain an identity for any code executing in the system. This identity is referred to as user context. Sometimes user context is referred to as security context or user security context.
In addition to the system's need to maintain a sense of identity, a secure service must also be able to maintain a sense of its clients' identities. Two goals for your service software are as follows:
This chapter describes the features you can use to develop your service so that Windows security meets these goals.