How does DACS facilitate accessibility and sharing?
Simply put, DACS lets a system administrator create areas on a web site for which access is restricted to particular users. DACS achieves this by managing users’ identities and by enforcing role-based access control. Users may prove their identity to DACS in a variety of ways, depending on how DACS has been configured for the web site. • Identities and Authentication A user who wants to access a web service that is protected by DACS (called a DACS-wrapped service) must usually first identify and authenticate himself to DACS; that is, he must provide the name of an identity and then “prove” that he is permitted to assume that identity. A user typically does this by providing a username and password, a digital certificate, or through two-factor authentication. Regardless of the authentication method employed, DACS gives a successfully authenticated user cryptographically protected credentials that represent the authenticated DACS identity and which have a limited lifetime. Credentials ar
