After reviewing its business processes, a large organization is deploying a new web application based on a VoIP technology. Which of the following is the MOST appropriate approach for implementing access control that will facilitate security management of the VoIP web application?
A.
Fine-grained access control
B.
Role-based access control (RBAC)
C.
Access control lists
D.
Network/service access control
Explanation:
Authorization in this VoIP case can best be addressed by role-based access control (RBAC) technology. RBAC is easy to manage and can enforce strong and efficient access controls in large-scale web environments including VoIP implementation. Access control lists and fine-grained access control on VoIP web applications do not scale to enterprisewide systems, because they are primarily based on individual user identities and their specific technical privileges. Network/service addresses VoIP availability but does not address application-level access or authorization.