X.500 Standard status
X.509 Related activities
How to be involved
Tutorial section 1
Tutorial section 2
X.509 at work
Access control is about who may do what based on the level of authentication. This section is related to protection of information stored in a directory, but concepts described here could applied in other areas.
A piece of directory information requiring some kind of individual protection against unauthorized access is also called a protected item. A protected item can be all the information stored about an entity, or it can be a particular piece of such information, for example a secret telephone number.
The access control can be related to different types of operations. As an example, a user may be allowed to be read information, but not to modify it. At the extreme, an accessing user may not even know the existence of a certain piece of information.
When it comes to access control it a question about:
Access control can therefore be viewed in two ways:
For each directory entry a directory operation is accessing, a protected item may be of different level:
User may be listed individually or in groups as indicated: