1st CNIC Information Exchange on Computer-Based Access Control
→
Europe/Zurich
40-SS-C01 (CERN)
40-SS-C01
CERN
Description
Access control is dealing with the authentication of operators and DCS/DAQ users, the authorization of dedicated actions (e.g. writing parameters, changing settings), and the traceablity of them.
Potential solutions base on standard CERN accounts & passwords, multi-factor authentication (e.g. the CERN card), biometrics, etc. For e.g. the CCC, a role-based access control (RBAC) is foreseen. However, authorization is usually much more complex. Authorization does depend on the user and his role (the *who*), but might also depend on *where* this user is (in the control room, somewhere in the experiment / accelerator complex, in the office, at home, ...), *when* he tries to access (during data taking, beam tuning, beam injection, maintenance, ...), and eventually on extra permissions e.g. by the shift leader (who might want to deny access during delicate operations).
In discussions with AB/CO, ALICE, ATLAS, and others, plenty of similarities between the different approaches could be identified, including the struggles with the same sets of problems.
