What Is the Lowest Cost Access Control System?

Access control system comes in varies types and security level. And you choose according to your security level and budget

1. Why do ACLs (access control lists) have better persistence than capabilities?

There's a lot of confusion and regrettable writing out there surrounding the comparison between ACLs and capabilities. Often, when books make a comparison, they are referring to one particular type of ACL system vs one particular type of capability system, but the difference is not always fundamental. So, if you see some comparison like this, I would not worry about it too much. In particular, capabilities can certainly have equal persistence to ACLs. As an extreme example: If you have a persistent store and all applications are persistent (so that when the machine reboots, all applications are relaunched with the same state as before the crash), then capabilities will be persistent. You can achieve the same level of persistence. Historically, people who have built capability systems in the past might not have built them that way (usually), but that is not always a guide to what is or is not fundamental.So, I would take issue with the book's claim that ACLs have better persistence than capabilities. That's not necessarily true; it will depend on specifically how the ACLs and capabilities are implemented by the system and used by applications. (Also note that so-called "POSIX capabilities" are a bit of a misnomer and it's not clear we should really call them capabilities.)I do realize that this might or might not help you if you are taking a course, as depending on the instructor, the instructor might expect you to go by what the book says and might not appreciate other perspectives (or, more benignly, want you to understand things from the textbook's perspective before taking a broader view)

2. How to add multiple URL to Access-Control-Allow-Origin header in SharePoint 2013 web.config

You could set Access-Control-Allow-Origin dynamically in Global.asax.Check the thread here

3. Duplication of view access control logic in database queries and application component

My answer would be approach 3:Use the same Objects you do in business layer to back the listing screens.You would:I believe that this beats both approach 1 and 2 because it will require less coding, and should also require less regression testing

4. Is it ok to have validation layer before access control layer

There must be some validation before access control. Let's say SO's API has an endpoint "edit answer", then whether the user can edit a particular answer can depend on the answer (below a certain reputation, a user can only edit his own answers). So the "answer ID" parameter being well-formed must be verified before the access control layer comes into play; possibly also that the answer exists. OTOH, as Caleth and Greg mention, putting more extensive validation before access control is a potential security risk.So the hard rules areFollowing both these rules may mean that you have to have some validation before and some after access control

5. What kinds of internship in a power plant would allow the intern access to the control room without requiring a STEM background?

Reason: They would need to get to know the place they are working atWhy would you need a reason to have a new employee/intern get an explanation of whatever they are going to be working with as a part of a team?You already state that the technology they are going to have explained to them is of experimental nature. Thus it is highly unlikely that they would already have a good idea of how it works (as you put it)

6. Mobile Credentials for Access Control—Everything Has Changed

According to Proxy's 2019 Physical Security Trends Report, 17.3 percent of card or fob users have lost at least one card or fob in the last year. The era of legacy physical access control credentials is rapidly transforming. A convergence in physical and logical access control is driving completely new and different behaviors. In an ever-accelerating trend, estimates are that 90 percent of the wireless locks sold are integrated with other smart devices. No longer will you struggle to manage a variety of insecure and vulnerable physical credentials when you can manage all of that through a mobile app. As this market expands into non-traditional access control applications, the necessity for an access control credential on an ubiquitous mobile device becomes mandatory. In the very near future, everyone will carry a credential, and a mobile credential housed on a smartphone is the only viable way to address these needs. Why do we make this claim? Four main reasons: Smartphone-based credentials are inherently more secure, can do so much more, can significantly reduce installation costs and are nearly impossible to clone. Forget about high-security credentials such as MIFARE and sophisticated certificate handshakes. The single largest security risk for access control is a valid credential in the wrong hands. It does not matter if it's a 125KHz "dumb" prox card or the most sophisticated smart, because now a potentially malicious user has access, and no one will know if that lost card is not reported. Your smartphone as your credential is significantly more secure because of one simple fact: people may not know where their access control credential is at any given time, but they are intimately aware of where their smartphone is at all times and this location can be tracked. In addition, users are quite careful who they allow to hold or use their phone. A large manufacturer end user once estimated that approximately 30 percent of its employees entered the grounds without their credential on any given day. Employees would wave something looking like a credential at the guard shack and yell that it did not work. With 600 people coming in during a shift change and cars backing up at the gate, the guard would open up to keep traffic flowing. That's not a solution, that's a huge security risk. So, how is the world of credentials changing forever? A smartphone-based credential can do so much more. Now and in the near future, we will see features such as: Multifactor authentication (MFA). Smartphones already implement MFA. Soon, new mobile credential implementations will allow administrators to require a screen unlock pin/biometric/gesture to set up a mobile credential, thus implementing MFA with no new hardware at the door. Mass notification. A credential-supporting two-way communication with active notification capabilities-can be leveraged to send automated or ad-hoc notifications to users. Add location services and Geo-fencing capability, and you can send notifications only to those who are within a specific geographic area. Location awareness. Stop treating a smartphone like a legacy credential; no one should ever "badge" a phone at a reader. By using location services, administrators can define how near to the door a person must be to request access. Virtual buttons. With an app for users that uniquely identifies them, why not give them more? We will have the ability to add virtual buttons to an app to perform functionality specified by the administrator and distributed only to those allowed to use them. Personal Safety/Personal Emergency Response (PERS). A mobile app that functions as the user's credential and provides two-way communications with a central monitoring station will also provide a path for two-way emergency communications. An employee leaving the building at the end of the shift can quickly and easily ask for assistance or notify security of a potential issue remotely via the mobile device in her hand. Revoking a credential. An administrator can disable a user's mobile credential at any time from the server with no need to access the actual smartphone. The smartphone app knows how to submit a credential request but has no idea how to unlock a door. Administrators can also remotely wipe smartphones of the mobile credential and related apps connected to a corporate network. A smartphone credential adds significant functionality over a traditional credential and is always upgradeable to add new capabilities-all for the same cost, or less, than traditional credentials. Also, users do not require a reader to enter a door, so enterprises can eliminate readers on most doors to keep the entrance looking clean and reduce installation costs. We are witnessing unprecedented changes in the tools and services used every day, and one of those tools is your access control credential. The security of a door is only as strong as the management of the credential. It makes sense for that critical credential to be secured inside the most highly encrypted device-your own smartphone.