imported>WikiAuggie: Updated for new version.

2025-10-26T22:19:59Z

Updated for new version.

New page

{{inline|date=April 2016}}
{{Infobox software
| name = Distributed Access Control System
| released = {{Start date and age|2005}}
| latest release version = 1.5.1
| latest release date = {{Start date and age|2025|10|17}}
| latest preview version =
| latest preview date =
| programming language = C with APIs for some other languages
| operating system = [[FreeBSD]], [[Linux]], [[macOS]]
| size =
| language = English
| genre = [[Computer security]]
| license = Modified [[Sleepycat License]]
| website = {{URL|https://dacs.dss.ca/}}
}}

'''Distributed Access Control System''' (DACS)<ref>{{cite web|url=https://dacs.dss.ca|title=DACS: The Distributed Access Control System}}</ref> is a light-weight [[single sign-on]] and [[attribute-based access control]] system for [[web server]]s and [[Server (computing)|server-based software]]. DACS is primarily used with [[Apache HTTP Server|Apache web servers]] to provide enhanced access control for web pages, [[Common Gateway Interface|CGI]] programs and [[servlet]]s, and other web-based assets, and to [[Federated identity|federate]]
Apache servers.

Released under an [[open-source license]], DACS provides a modular [[authentication]] [[Software framework|framework]] that supports an array of common authentication methods and a rule-based [[authorization]] engine that can grant or deny access to resources, named by [[Uniform Resource Locator|URLs]], based on the identity of the requestor and other contextual information. Administrators can configure DACS to identify users by employing authentication methods and user accounts already available within their organization. The resulting DACS identities are recognized at all DACS jurisdictions that have been federated.

In addition to simple web-based [[Application Programming Interface|APIs]], [[Command line|command-line interfaces]] are also provided to much of the functionality.
Most web-based APIs can return [[XML]] or [[JSON]] documents.

Development of DACS began in 2001, with the first open source release made available in 2005.

==Authentication==
DACS can use any of the following authentication methods and account types:
* [[X.509]] client certificates via [[Transport Layer Security|SSL]]
* self-issued or managed [[Information Card|Information Cards (InfoCards)]] (deprecated)
* [[two-factor authentication]]
* [[OpenID Connect|OpenID Connect (OIDC)]] Relying Party
* [[HOTP|Counter-based]], [[Time-based One-time Password Algorithm|time-based]], or grid-based [[one-time password]]s, including [[security token]]s
* [[Unix-like]] systems' [[Passwd (database)|password]]-based accounts
* [http://httpd.apache.org/docs/2.2/howto/auth.html Apache authentication modules] and their password files
* [[NTLM|Windows NT LAN Manager (NTLM)]] accounts
* [[Lightweight Directory Access Protocol|LDAP]] or [[Active directory|Microsoft Active Directory (ADS)]] accounts
* [[RADIUS]] accounts
* [[Central Authentication Service|Central Authentication Service (CAS)]]
* [[Hypertext Transfer Protocol|HTTP]]-requests (e.g., Google ClientLogin)
* [[Pluggable Authentication Modules|PAM]]-based accounts
* private username/password databases with salted password hashing using [[SHA-1]], [[SHA-2]], or [[SHA-3]] functions, [[PBKDF2]], or [[scrypt]]
* imported identities
* computed identities

The extensible architecture allows new methods to be introduced.

The DACS distribution includes various cryptographic functionality,
such as [[Cryptographic hash function|message digests]], [[HMAC]]s,
[[Encryption|symmetric and public key encryption]],
ciphers ([[ChaCha20]], [[OpenSSL]]),
[[digital signatures]],
password-based key derivation functions ([[HKDF]], [[PBKDF2]]),
and
memory-hard key derivation functions ([[scrypt]], [[Argon2]]),
much of which is available from a simple scripting language.

DACS can also act as an Identity Provider for InfoCards and function as a Relying Party,
although this functionality is deprecated.

==Authorization==
DACS performs access control by evaluating access control rules that are specified by an administrator.
Expressed as a set of [[XML]] documents, the rules are consulted at [[Run time (program lifecycle phase)|run-time]] to determine
whether access to a given resource should be granted or denied.
As access control rules can be arbitrary computations, it
combines attribute-based access control, role-based access control,
policy-based access control, delegated access control, and other approaches.
The architecture provides many possibilities to administrators.
==See also==
{{Portal|Free and open-source software}}

* [[Access control]]
* [[Computer security]]

==References==
{{reflist}}
;Notes
{{refbegin}}
* R. Morrison, [http://www.site-reference.com/articles/Website-Development/Web-2-0-Access-Control-Part-1.html "Web 2.0 Access Control"], 2007.
* J. Falkcrona, [http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-11224 "Role-based access control and single sign-on for Web services"], 2008.
* B. Brachman, [http://www.ibm.com/developerworks/webservices/library/ws-soa-access.html "Rule-based access control: Improve security and make programming easier with an authorization framework"], 2006.
* A. Peeke-Vout, B. Low, [https://archive.today/20130414191213/http://www.foss4g2007.org/presentations/view.php?abstract_id=203 "Spatial Data Infrastructure (SDI)-In-A-Box, a Footprint to Deliver Geospatial Data through Open Source Applications"], 2007.
{{refend}}

==External links==
* {{Official website|url=https://dacs.dss.ca}}
* {{sourceforge|dacs}}

{{DEFAULTSORT:Distributed Access Control System (Dacs)}}
[[Category:Cross-platform free software]]
[[Category:Free security software]]
[[Category:Free software programmed in C]]
[[Category:Unix security software]]
[[Category:Unix user management and support-related utilities]]
[[Category:Computer access control]]

Distributed Access Control System - Revision history

imported>WikiAuggie: Updated for new version.