Utilizing this methodology, the Barracuda SSL VPN is able to maintain a robust, secure, and flexible
access control architecture.
What is a Resource?
A ‘resource’ is defined as an application, utility, data source, or any other privileged ability that, when
assigned, allows the user to conduct certain tasks. Think of it as the endpoint, or objective, that a
user wishes to achieve. This could be something as simple as a user accessing their email client to read
their mail. In this case, the resource would be the email. Similarly, an intranet website would also be
classed as a resource, just as a network share would be. All accessible stores of ‘informational value’
are deemed to be resources under this concept.
What is a Principal?
As already mentioned, the ‘principal’ simply refers to a user or group of users. The principal entity sits
at the other end of the access control chain. The process flow begins with this entity and ends with the
resource entity. Within the product, these principals are differentiated only by the access rights they are
assigned.
What is a Policy?
A ‘policy’ is the glue by which all principals and resources can cohesively work together. As the
diagram below shows, a principal entity gains access to a resource entity through the policy, and a
resource entity becomes accessible, again, through the policy.
Policies represent a form of trust. A high level of trust equates to a policy of greater flexibility and
responsibility, whereas a user with minimal trust may be assigned policies that grant them fewer
privileges.
A ‘power user’ of the system manages the appliance and thus must have a higher degree of trust and
consequently is granted a policy that covers a much greater scope of responsibility. The opposite can
be said for a standard user whose policy may only grant the bare essentials required to allow them to
perform their duties.
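The principal, policy, resource chain described above, modeled as an added Python example (it is not Barracuda's code or configuration format). The user, group and policy names are constructed for illustration, and the default-deny behaviour when no policy links a principal to a resource is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    principals: frozenset  # users or groups attached to the policy
    resources: frozenset   # resources made accessible by the policy

# Constructed sample data; every name here is hypothetical.
GROUPS = {"staff": {"alice", "bob"}, "admins": {"carol"}}
POLICIES = [
    Policy("Standard Access", frozenset({"staff"}),
           frozenset({"email", "intranet"})),
    Policy("Power User", frozenset({"admins"}),
           frozenset({"email", "intranet", "network-share", "appliance-admin"})),
    Policy("Finance Share", frozenset({"bob"}),
           frozenset({"network-share"})),
]

def identities(user):
    """A user acts as itself plus every group it belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}

def granting_policies(user, resource):
    """Policies that link this user (directly or via a group) to the resource."""
    ids = identities(user)
    return sorted(p.name for p in POLICIES
                  if resource in p.resources and ids & p.principals)

def can_access(user, resource):
    # Assumed default deny: with no linking policy there is no access path.
    return bool(granting_policies(user, resource))

def effective_access(user):
    """For an access review: each reachable resource and the policies granting it."""
    ids = identities(user)
    reachable = {}
    for p in POLICIES:
        if ids & p.principals:
            for r in p.resources:
                reachable.setdefault(r, []).append(p.name)
    return {r: sorted(names) for r, names in sorted(reachable.items())}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, effective_access(user))
```

Listing the granting policies per resource, rather than a bare yes/no, shows which policy to tighten when a standard user turns out to reach more than the bare essentials.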
What is Permission?