Claims-Based Enterprise-Wide Access Control
Access control is a primary consideration when standing up a high-assurance, internet-scale, web-service-based enterprise system for information sharing. A generalized standards-based solution is presented. Central to this system is a process for access control that provides the fine-grained authorities for use by enterprise services. In all cases, access control, rights, and privileges are handled by the web service itself, through its own Access Control Lists (ACLs), and are preceded by bilateral authentication in both normal and federated service requests. The enterprise system relies on a unified naming and credentialing system for identity management, which is not dealt with in this paper due to size constraints.