Risk-based weights and red flag factors in access control policies
Ori Pomerantz has just published a How-
IBM Security Access Manager for Web (ISAM) access control policies usually depend on which URL is being accessed. Different URLs can require different levels of authentication, can be accessible to different user groups, and so on.
In risk-based access control, the decision to permit access to a URL can also be determined by request characteristics. For example, the address of the device that sent the request could be factored into the access control policy.