Which concept maps objects to rights for subjects?

Prepare for the Certified Identity and Access Manager Exam using flashcards and multiple-choice questions. Gain insights into the exam format, practice with real-world scenarios, and ensure your success in becoming a certified professional.

Multiple Choice

Which concept maps objects to rights for subjects?

Explanation:
Capability-based access control centers on giving each subject a set of tokens, called capabilities, that encode the rights to specific objects. Each capability is a portable proof that a subject may perform certain operations on a particular object. Because the rights are carried with the subject, the system can grant, transfer, or revoke access by issuing or invalidating these capabilities, without needing a central list consulted on every access.

The concept therefore maps objects and their allowed operations directly to the subject that holds the corresponding rights, since the capability itself specifies what can be done with which object. In other words, a subject’s capability list defines the rights that subject has for various objects, and access is granted by presenting a valid capability.

Compared to the alternative model where an object maintains an access control list of subjects and permissions, capability-based control shifts the perspective to the bearer’s possession of a token that encodes the authorization, enabling delegation and more distributed control.
