Abstract
In the early days of online access control, there was no differentiation made between authentication (proving who you are) and authorization (what you were permitted to do). Once authenticated in a particular environment, a user was, for the most part, authorized to use everything. Over the years, the need for differentiating authorization grew alongside the difficulty of providing a finer-grain approach to granting access. This session will present a model of privilege management and its integration with the rest of the IdM infrastructure.