| Title: 4.2.2 - Definitions |
| NavPrev: 4.2.1-introduction.html |
| NavPrevText: 4.2.1 - Introduction |
| NavUp: 4.2-authorization.html |
| NavUpText: 4.2 - Authorization |
| NavNext: 4.2.3-enabling-access-control.html |
| NavNextText: 4.2.3 - Enabling Access Control |
| Notice: Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| . |
| http://www.apache.org/licenses/LICENSE-2.0 |
| . |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| |
| # 4.2.2 - Definitions |
| |
| **ACI** : |
| |
| > Access Control Information. The set of all the information which might |
| > be relevant to an access control decision for a given subject. |
| |
| **ACDF** : |
| |
| > Access Control Decision Function. It is the function used to decide |
| > whether a particular subject has a particular access right by virtue of |
| > applicable ACI items. |
| |
| **protected item** : |
| |
| > A protected item is the element of directory information being |
| > accessed. The protected items are entries, attributes, attribute values |
| > and distinguished names. Access to each protected item can be separately |
| > controlled through ACI. |
| |
| **subject** : |
| |
| > The entity acting on the server. It can be a person, a program, ... It |
| > aggregates the identity and the security related attributes (passwords, |
| > ceritifcates...) for this entity. |