Approaches to access management
Having summarized the many and sometimes conflicting requirements that an access management system must address, we now consider a number of actual schemes currently in use or under consideration and analyze how well they meet these requirements.
It’s important to recognize that in solving real-world problems more than one approach may be relevant at a single institution; one might use one scheme for one class of users and a different scheme for another class. For example, an institution might choose to manage access for kiosks and public workstations by IP source address, and to use a credential scheme for other users. Indeed, virtually all of the major institutional systems that are currently being deployed combine multiple approaches. Also, note that approaches can be cascaded in a hierarchy; for example, a resource might be set up to first check whether a user could be validated by an IP source filtering approach but if the IP source address isn’t valid for access, the resource might then apply a credential-based access management test.