Читать книгу The Internet of Medical Things (IoMT) - Группа авторов - Страница 38

Access control is a mechanism to ensure that users are who they say they are and have enough access to company data.

Access control at a high level is a selective restriction of data access. It comprises two primary components: authentication and authorization, as explained by Daniel Crowley, IBM’s X-Force Red research manager with a focus on data security.

Authentication is a technique used to check that someone claims to be. Authentication alone is not enough to protect data, as noted by Crowley. What is required is an additional authorization layer that assesses if a user should be authorized to access or execute the transaction.