{"title":"公立和私立大学身份管理、访问控制和授权实践的比较分析。","authors":"Elissa Mollakuqe, Vesna Dimitrova","doi":"10.12688/openreseurope.16634.2","DOIUrl":null,"url":null,"abstract":"<p><strong>Background: </strong>This research delves into the critical aspects of identity management, access control, and authorization practices within the domains of public and private universities. Identity management involves the meticulous management and control of user identities, encompassing the establishment and maintenance of user profiles, role assignments, and access privileges. Access control is the practice of defining and enforcing policies that govern who can access an IT system or application and which resources they can interact with. Authorization, meanwhile, determines the specific actions and privileges granted to users based on their roles and permissions.</p><p><strong>Methods: </strong>To understand the variances in identity management and access control approaches, we conducted a comparative analysis between public and private universities. Our investigation scrutinized the user populations with access to university systems, the enforcement of access limitations, authentication methods, and password policies. Additionally, we examined the nuances of authorization processes, levels of authorization, access approval authorities, user status and role changes, unique user account management, account deletion procedures, user authentication methods, password complexity and expiration policies, password storage methods, and session termination policies.</p><p><strong>Results: </strong>This study revealed that both public and private universities prioritize these security measures, with a common categorization of these processes. Nevertheless, there exist disparities, such as the inclusion of contractors and vendors in the user population at private universities, the manual deletion of user accounts in private institutions, and variations in password policies and storage methods. Private universities tend to enforce stricter password policies, employ more secure password storage methods, and implement automatic session termination features.</p><p><strong>Conclusions: </strong>This research provides valuable insights into the practices and approaches adopted by public and private universities to safeguard their digital environments. The findings serve as a valuable resource for enhancing identity management, access control, and authorization protocols, enabling institutions to fortify their cybersecurity defenses in an ever-evolving threat landscape.</p>","PeriodicalId":74359,"journal":{"name":"Open research Europe","volume":"4 ","pages":"23"},"PeriodicalIF":0.0000,"publicationDate":"2024-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11294802/pdf/","citationCount":"0","resultStr":"{\"title\":\"Comparative analysis of identity management, access control, and authorization practices in public and private universities.\",\"authors\":\"Elissa Mollakuqe, Vesna Dimitrova\",\"doi\":\"10.12688/openreseurope.16634.2\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p><strong>Background: </strong>This research delves into the critical aspects of identity management, access control, and authorization practices within the domains of public and private universities. Identity management involves the meticulous management and control of user identities, encompassing the establishment and maintenance of user profiles, role assignments, and access privileges. Access control is the practice of defining and enforcing policies that govern who can access an IT system or application and which resources they can interact with. Authorization, meanwhile, determines the specific actions and privileges granted to users based on their roles and permissions.</p><p><strong>Methods: </strong>To understand the variances in identity management and access control approaches, we conducted a comparative analysis between public and private universities. Our investigation scrutinized the user populations with access to university systems, the enforcement of access limitations, authentication methods, and password policies. Additionally, we examined the nuances of authorization processes, levels of authorization, access approval authorities, user status and role changes, unique user account management, account deletion procedures, user authentication methods, password complexity and expiration policies, password storage methods, and session termination policies.</p><p><strong>Results: </strong>This study revealed that both public and private universities prioritize these security measures, with a common categorization of these processes. Nevertheless, there exist disparities, such as the inclusion of contractors and vendors in the user population at private universities, the manual deletion of user accounts in private institutions, and variations in password policies and storage methods. Private universities tend to enforce stricter password policies, employ more secure password storage methods, and implement automatic session termination features.</p><p><strong>Conclusions: </strong>This research provides valuable insights into the practices and approaches adopted by public and private universities to safeguard their digital environments. The findings serve as a valuable resource for enhancing identity management, access control, and authorization protocols, enabling institutions to fortify their cybersecurity defenses in an ever-evolving threat landscape.</p>\",\"PeriodicalId\":74359,\"journal\":{\"name\":\"Open research Europe\",\"volume\":\"4 \",\"pages\":\"23\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-07-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11294802/pdf/\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Open research Europe\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.12688/openreseurope.16634.2\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"2024/1/1 0:00:00\",\"PubModel\":\"eCollection\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Open research Europe","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12688/openreseurope.16634.2","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/1/1 0:00:00","PubModel":"eCollection","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
研究背景本研究深入探讨了公立和私立大学领域内身份管理、访问控制和授权实践的关键方面。身份管理涉及对用户身份的细致管理和控制,包括建立和维护用户档案、角色分配和访问权限。访问控制是定义和执行政策的实践,这些政策管理谁可以访问 IT 系统或应用程序,以及他们可以与哪些资源交互。而授权则是根据用户的角色和权限,确定授予用户的具体操作和权限:为了了解身份管理和访问控制方法的差异,我们对公立大学和私立大学进行了比较分析。我们仔细研究了可访问大学系统的用户群、访问限制的执行情况、身份验证方法和密码政策。此外,我们还研究了授权流程的细微差别、授权级别、访问审批权限、用户状态和角色变更、唯一用户账户管理、账户删除程序、用户认证方法、密码复杂性和过期政策、密码存储方法以及会话终止政策:这项研究表明,公立大学和私立大学都优先考虑这些安全措施,并对这些程序进行了共同的分类。然而,也存在一些差异,如私立大学的用户群体中包括承包商和供应商,私立机构中用户账户的手动删除,以及密码政策和存储方法的不同。私立大学往往执行更严格的密码政策,采用更安全的密码存储方法,并实施自动会话终止功能:这项研究为了解公立和私立大学在保护其数字环境方面所采取的做法和方法提供了宝贵的见解。研究结果为加强身份管理、访问控制和授权协议提供了宝贵的资源,使各机构能够在不断变化的威胁环境中加强网络安全防御。
Comparative analysis of identity management, access control, and authorization practices in public and private universities.
Background: This research delves into the critical aspects of identity management, access control, and authorization practices within the domains of public and private universities. Identity management involves the meticulous management and control of user identities, encompassing the establishment and maintenance of user profiles, role assignments, and access privileges. Access control is the practice of defining and enforcing policies that govern who can access an IT system or application and which resources they can interact with. Authorization, meanwhile, determines the specific actions and privileges granted to users based on their roles and permissions.
Methods: To understand the variances in identity management and access control approaches, we conducted a comparative analysis between public and private universities. Our investigation scrutinized the user populations with access to university systems, the enforcement of access limitations, authentication methods, and password policies. Additionally, we examined the nuances of authorization processes, levels of authorization, access approval authorities, user status and role changes, unique user account management, account deletion procedures, user authentication methods, password complexity and expiration policies, password storage methods, and session termination policies.
Results: This study revealed that both public and private universities prioritize these security measures, with a common categorization of these processes. Nevertheless, there exist disparities, such as the inclusion of contractors and vendors in the user population at private universities, the manual deletion of user accounts in private institutions, and variations in password policies and storage methods. Private universities tend to enforce stricter password policies, employ more secure password storage methods, and implement automatic session termination features.
Conclusions: This research provides valuable insights into the practices and approaches adopted by public and private universities to safeguard their digital environments. The findings serve as a valuable resource for enhancing identity management, access control, and authorization protocols, enabling institutions to fortify their cybersecurity defenses in an ever-evolving threat landscape.