Mandatory Access Control (MAC) ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. MAC secures information by assigning sensitivity labels to information and comparing them to the level of sensitivity a user is operating at. In general, MAC access control mechanisms are more secure than DAC, yet they have trade-offs in performance and convenience to users. MAC mechanisms assign a security level to all information, assign a security clearance to each user, and ensure that users only have access to data for which they have a clearance. MAC is usually appropriate for extremely secure systems, including multilevel secure military applications or mission-critical data applications. A MAC access control model often exhibits one or more of the following attributes:
Only administrators, not data owners, make changes to a resource's security label.
All data is assigned a security level that reflects its relative sensitivity, confidentiality, and protection value.
All users can read from a lower classification than the one they are granted (a "secret" user can read an unclassified document).
All users can write to a higher classification (a "secret" user can post information to a Top Secret resource).
All users are given read/write access to objects only of the same classification (a "secret" user can only read/write to a secret document).
Access is authorized or restricted to objects based on the time of day depending on the labeling on the resource and the user's credentials (driven by policy).
Access is authorized or restricted to objects based on the security characteristics of the HTTP client (e.g. SSL bit length, version information, originating IP address or domain, etc.).
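
The label comparisons behind the read, write and relabel attributes above, sketched as an added example (not code from the original guide). The names Level, Subject, Resource, can_read, can_write and relabel are hypothetical; allowing same-level access in the default mode, and using a strict flag to select the same-classification-only variant, are assumptions of this sketch.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Ordered sensitivity levels; a higher value is more sensitive."""
    UNCLASSIFIED = 0
    SECRET = 1
    TOP_SECRET = 2


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level
    is_admin: bool = False  # assumption: label changes are tied to an admin flag


@dataclass
class Resource:
    name: str
    label: Level


def can_read(subject: Subject, resource: Resource, strict: bool = False) -> bool:
    """Allow reads at or below the subject's clearance; strict requires equal levels."""
    if strict:
        return subject.clearance == resource.label
    return subject.clearance >= resource.label


def can_write(subject: Subject, resource: Resource, strict: bool = False) -> bool:
    """Allow writes at or above the subject's clearance, so data never flows downward."""
    if strict:
        return subject.clearance == resource.label
    return subject.clearance <= resource.label


def relabel(subject: Subject, resource: Resource, new_label: Level) -> None:
    """Change a resource's label; only administrators may do so, never data owners."""
    if not subject.is_admin:
        raise PermissionError(f"{subject.name} may not relabel {resource.name}")
    resource.label = new_label
```

The write rule is the one most often implemented backwards: a "secret" user writing to an unclassified resource must be denied, because that is the path by which labeled data leaks to a lower level.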