Class 11
Resources:
Review, Research, and Discussion
- Why is access control important?
- Access control is important because it is a valuable security technique that can be used to regulate who or what can view or use any given resource. In an IT security setting, this could translate to who can access and edit a particular file, what kinds of equipment can be used, or who can access certain devices.
- Describe an application that would need access control.
- Any news-based app (BBC, CNN, FOX, etc.). Regular users are able to read news, but they cannot update, delete, or add new articles.
- What is a role used for?
- A role determines which permissions the system grants to the user (e.g., admin, editor, user, etc.).
- Why is role based access control more scalable than discretionary or mandatory access control?
- Discretionary Access Control (DAC). The user has direct control over all of the programs and files in the system, which is a complicated way of saying one method of access always opens all the doors.
- Mandatory Access Control (MAC). This is the opposite of DAC. When MAC is the paradigm, a policy, hardware component, or software component is used to restrict access. This can be a password or keypad.
- Role-based access control is more scalable because permissions are granted according to roles and roles are assigned to users. This model is user-friendly because administrators can centrally manage and administer roles.
Vocabulary Terms
- Authorization
- It is the process of verifying what users have access to (what they are allowed to do).
- Role Based Access Control
- Role-based access control (RBAC) restricts network access based on a person’s role within an organization and has become one of the main methods for advanced access control. The roles in RBAC refer to the levels of access that employees have to the network.
- Employees are only allowed to access the information necessary to effectively perform their job duties. Access can be based on several factors, such as authority, responsibility, and job competency. In addition, access to computer resources can be limited to specific tasks such as the ability to view, create, or modify a file.
- Capabilities
- In RBAC, there are sets of tasks called capabilities. A site owner can manage user access to such tasks depending on the user's role. There are many capabilities, including “publish posts”, “moderate comments”, “delete users”, etc.
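
The news-app scenario and the role and capability terms above, as an added example that is not part of the original notes. The function names (`can`, `authorize`, `deleteArticle`) and the sample users are hypothetical; the role and capability names follow the ones mentioned in these notes.

```javascript
// Added example: capabilities are granted to roles, never directly to users,
// so changing one entry here changes access for every user holding that role.
// A Map (not a plain object) is used so that a role string such as
// "__proto__" or "constructor" cannot resolve to an inherited property.
const ROLE_CAPABILITIES = new Map([
  ['user',   new Set(['read'])],
  ['editor', new Set(['read', 'create', 'update'])],
  ['admin',  new Set(['read', 'create', 'update', 'delete'])],
]);

// Deny by default: a missing user, an unknown role or an unknown
// capability all evaluate to false.
function can(user, capability) {
  if (!user || !Array.isArray(user.roles)) return false;
  return user.roles.some((role) => {
    const granted = ROLE_CAPABILITIES.get(role);
    return granted !== undefined && granted.has(capability);
  });
}

// Guard called before an action. It throws instead of returning a boolean
// so that a caller who forgets to check the result cannot fail open.
function authorize(user, capability) {
  if (!can(user, capability)) {
    const err = new Error(`Forbidden: missing capability "${capability}"`);
    err.status = 403;
    throw err;
  }
}

// The authorization check runs before any state is touched.
function deleteArticle(user, articles, id) {
  authorize(user, 'delete');
  return articles.filter((article) => article.id !== id);
}

// Constructed sample data.
const reader = { name: 'rita', roles: ['user'] };
const editor = { name: 'ed', roles: ['editor'] };
const admin = { name: 'ada', roles: ['admin'] };
const articles = [{ id: 1, title: 'Hello' }, { id: 2, title: 'World' }];

console.log('reader can read:', can(reader, 'read'));
console.log('reader can update:', can(reader, 'update'));
console.log('articles after admin delete:', deleteArticle(admin, articles, 1));
```
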
Preview / Event-Driven Programming in Node.js
Event-driven programming is when a program is designed to respond to user engagement in various forms. It is known as a programming paradigm in which the flow of program execution is determined by “events.” Events are any user interaction, such as a click or key press, in response to a prompt from the system.