Practical Guide For Remote Access To Plant Equipment 66
with authorization or access control, as these are three different functions. For
example, when a user connects to a VPN concentrator, determining that individual's
authorization should not be the concentrator's job. The concentrator should instead
validate the user's identity against a separate identity and access management (IAM)
system, using a protocol such as Security Assertion Markup Language (SAML), so that no
user credentials are stored on the concentrator itself. In a SAML flow the IAM system
authenticates the user and returns a signed assertion; the concentrator only has to
check that assertion's signature, issuer and validity period. Once the identity is
confirmed, the concentrator should query an authorization service to determine the
person's access rights. Only then should it allow or deny access to the assets behind
the VPN. Wikipedia gives a good overview: https://en.wikipedia.org/wiki/
Identity_management.
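As an added illustration of this three-way split (example code written for this page, not from the guide or from any vendor's product), the following Python sketch models a VPN concentrator that authenticates only by verifying an assertion issued by an external identity provider, then asks a separate authorization service whether the subject's contract covers the requested asset, and only then makes the allow/deny decision. The HMAC-signed JSON token, the issuer URL, the signing key, the people, contracts and asset names are all constructed stand-ins: a real SAML assertion is XML signed with the IdP's private key and verified against its certificate, but the sequence of checks is the same.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a key shared only between the IdP and the concentrator. It stands in for
# the IdP's signing certificate; it is never a user credential.
IDP_KEY = b"idp-signing-key-example"
EXPECTED_ISSUER = "https://idp.example.com"   # assumption: the trusted IAM system


def idp_issue_assertion(subject, key=IDP_KEY, lifetime=300, now=None):
    """Identity provider side: after authenticating the user (out of scope here),
    emit a signed assertion naming the subject with a validity window."""
    now = time.time() if now is None else now
    payload = {"issuer": EXPECTED_ISSUER, "subject": subject,
               "not_before": now, "not_on_or_after": now + lifetime}
    body = json.dumps(payload, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(sig).decode()


def verify_assertion(token, key=IDP_KEY, now=None):
    """Function 1, identification: the concentrator validates the assertion's
    signature, issuer and validity period. Returns the subject, or None on any
    failure. No password is ever presented to, or stored by, the concentrator."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.b64decode(body_b64)
        sig = base64.b64decode(sig_b64)
    except ValueError:           # malformed token or bad base64
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None              # tampered or not issued by our IdP
    payload = json.loads(body)   # safe: signature proves the IdP produced this body
    if payload.get("issuer") != EXPECTED_ISSUER:
        return None
    if not (payload["not_before"] <= now < payload["not_on_or_after"]):
        return None              # replayed after expiry, or clock skew beyond tolerance
    return payload["subject"]


# Function 2, authorization: a separate service maps identities to entitlements.
# Constructed data: which contract each person is linked to, and which plant assets
# each contract covers. In practice this lives in the IAM/authorization service,
# not on the concentrator.
CONTRACTS = {
    "alice@vendor-a.example": {"contract": "SVC-1042"},
    "bob@vendor-b.example": {"contract": "SVC-2001"},
}
CONTRACT_ASSETS = {
    "SVC-1042": {"PLC-Line1", "HMI-Line1"},
    "SVC-2001": {"PLC-Line2"},
}


def authorize(subject, asset):
    """Authorization service: True only if the subject is linked to a known contract
    and that contract covers the requested asset. Unknown subjects get nothing."""
    entry = CONTRACTS.get(subject)
    if entry is None:
        return False
    return asset in CONTRACT_ASSETS.get(entry["contract"], set())


# Function 3, access control: the enforcement point consults the two services in
# order and never short-circuits from "who are you" straight to "come in".
def vpn_access_decision(token, asset, now=None):
    """Returns (decision, reason); 'allow' only after both earlier steps pass."""
    subject = verify_assertion(token, now=now)
    if subject is None:
        return ("deny", "authentication failed")
    if not authorize(subject, asset):
        return ("deny", f"{subject} not authorized for {asset}")
    return ("allow", f"{subject} -> {asset}")


def tamper_subject(token, new_subject):
    """Attacker helper for the demo: rewrite the subject but keep the old signature."""
    body_b64, sig_b64 = token.split(".")
    payload = json.loads(base64.b64decode(body_b64))
    payload["subject"] = new_subject
    forged = json.dumps(payload, sort_keys=True).encode()
    return base64.b64encode(forged).decode() + "." + sig_b64


if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = idp_issue_assertion("alice@vendor-a.example", now=t0)
    print(vpn_access_decision(tok, "PLC-Line1", now=t0))            # allow
    print(vpn_access_decision(tok, "PLC-Line2", now=t0))            # deny: wrong contract
    print(vpn_access_decision(tok, "PLC-Line1", now=t0 + 600))      # deny: expired
    forged = tamper_subject(idp_issue_assertion("bob@vendor-b.example", now=t0),
                            "alice@vendor-a.example")
    print(vpn_access_decision(forged, "PLC-Line1", now=t0))         # deny: bad signature
```

The point of the structure is that the concentrator holds no user credentials and no entitlement data: take either service away and it can only deny. The expiry check also shows why the assertion's validity window must be enforced on the concentrator and not merely trusted from the IdP.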
The initial screening of individuals must be weighed against the delays it may
cause. For this reason, linking known attributes or contracts to individuals will
streamline access for them while providing an initial barrier to others. Requiring
this data up front, or linking the individual to a known contract, also provides
greater assurance of proper activity and avoids liability issues.