Official (ISC)² SSCP – Domain 1: Access Controls

Access Control Object
A passive entity that typically receives or contains some form of data.
Access Control Subject
An active entity and can be any user, program, or process that requests permission to cause data to flow from an access control object to the access control subject or between access control objects.
Asynchronous Password Token
A one-time password is generated without the use of a clock, either from a one-time pad or cryptographic algorithm.
Determines whether a user is permitted to access a particular resource.
Connected Tokens
Must be physically connected to the computer to which the user is authenticating.
Contactless Tokens
Form a logical connection to the client computer but do not require a physical connection.
Disconnected Tokens
Have neither a physical nor logical connection to the client computer.
A set of rules, defined by the resource owner, for managing access to a resource (asset, service, or entity) and for what purpose.
Identity Management
The task of controlling information about users on computers.
Proof of Identity
Verify people’s identities before the enterprise issues them accounts and credentials.
A popular network authentication protocol for indirect (third-party) authentication services.
Lightweight Directory Access Protocol (LDAP)
A client/server-based directory query protocol loosely based on X.500, commonly used to manage user information. LDAP is a front end and not used to manage or synchronize data per se as opposed to DNS.
Single Sign-On (SSO)
Designed to provide strong authentication using secret-key cryptography, allowing a single identity to be shared across multiple applications.
Static Password Token
The device contains a password that is physically hidden (not visible to the possessor) but that is transmitted for each authentication.
Synchronous Dynamic Password Token
A timer is used to rotate through various combinations produced by a cryptographic algorithm.
Trust Path
A series of trust relationships that authentication requests must follow between domains