公立大学与私立大学身份管理、访问控制和授权实践的比较分析。
Comparative analysis of identity management, access control, and authorization practices in public and private universities.
作者信息
Mollakuqe Elissa, Dimitrova Vesna
机构信息
Faculty of Information Sciences and Computer Engineering, Ss. Cyril and Methodius University, Skopje, North Macedonia, 1000, North Macedonia.
出版信息
Open Res Eur. 2024 Jul 29;4:23. doi: 10.12688/openreseurope.16634.2. eCollection 2024.
BACKGROUND
This research delves into the critical aspects of identity management, access control, and authorization practices within the domains of public and private universities. Identity management involves the meticulous management and control of user identities, encompassing the establishment and maintenance of user profiles, role assignments, and access privileges. Access control is the practice of defining and enforcing policies that govern who can access an IT system or application and which resources they can interact with. Authorization, meanwhile, determines the specific actions and privileges granted to users based on their roles and permissions.
METHODS
To understand the variances in identity management and access control approaches, we conducted a comparative analysis between public and private universities. Our investigation scrutinized the user populations with access to university systems, the enforcement of access limitations, authentication methods, and password policies. Additionally, we examined the nuances of authorization processes, levels of authorization, access approval authorities, user status and role changes, unique user account management, account deletion procedures, user authentication methods, password complexity and expiration policies, password storage methods, and session termination policies.
RESULTS
This study revealed that both public and private universities prioritize these security measures, with a common categorization of these processes. Nevertheless, there exist disparities, such as the inclusion of contractors and vendors in the user population at private universities, the manual deletion of user accounts in private institutions, and variations in password policies and storage methods. Private universities tend to enforce stricter password policies, employ more secure password storage methods, and implement automatic session termination features.
CONCLUSIONS
This research provides valuable insights into the practices and approaches adopted by public and private universities to safeguard their digital environments. The findings serve as a valuable resource for enhancing identity management, access control, and authorization protocols, enabling institutions to fortify their cybersecurity defenses in an ever-evolving threat landscape.
背景
本研究深入探讨公立和私立大学领域内身份管理、访问控制和授权实践的关键方面。身份管理涉及对用户身份的细致管理和控制,包括用户档案的建立和维护、角色分配以及访问权限。访问控制是定义和执行策略的实践,这些策略规定谁可以访问IT系统或应用程序以及他们可以与哪些资源进行交互。与此同时,授权根据用户的角色和权限确定授予他们的特定操作和特权。
方法
为了解身份管理和访问控制方法的差异,我们对公立和私立大学进行了比较分析。我们的调查审查了有权访问大学系统的用户群体、访问限制的执行情况、认证方法和密码策略。此外,我们还研究了授权流程的细微差别、授权级别、访问批准权限、用户状态和角色变化、独特的用户账户管理、账户删除程序、用户认证方法、密码复杂性和过期策略、密码存储方法以及会话终止策略。
结果
本研究表明,公立和私立大学都重视这些安全措施,并且对这些流程有共同的分类。然而,存在一些差异,例如私立大学的用户群体中包括承包商和供应商、私立机构手动删除用户账户,以及密码策略和存储方法的差异。私立大学倾向于实施更严格的密码政策,采用更安全的密码存储方法,并实现自动会话终止功能。
结论
本研究为公立和私立大学保护其数字环境所采用的实践和方法提供了有价值的见解。这些发现是增强身份管理、访问控制和授权协议的宝贵资源,使机构能够在不断演变的威胁环境中加强其网络安全防御。
Zotero 插件