Have the abstract `IAMObject`, which serves as the basis for the `Identity`, `Group`, and `Privileges` assets, extend `Information`.
This idea came out of a recent look at how `Privileges` can be used to represent directory entries in a directory service.
The general point behind this is that Identity and Access Management objects are themselves concepts that an attacker may be able to alter, similarly to how they are able to interact with `Credentials`, which already extend `Information`. Identity and Access Management objects are a specialised type of `Information` that define access control privileges which the attacker may be able to deny, leading to a lockout, or manipulate so that they gain access through it.
Extending `Information` also grants `IAMObjects` access to the `Replica` association, which may be relevant for some directory services which use backups for the entries.