Security Model
WebStream ACP secures legacy applications by governing the interaction layer between the user and the application, rather than trusting the network or the application itself. Every meaningful interaction — file, print, clipboard, identity — passes through a policy decision and is recorded.
Principles
- Govern interactions, not just access. Access tools grant a connection; ACP controls what happens during the session.
- Enforce at the point of interaction. Policy is applied at the session host where files, printing, and clipboard activity occur.
- Default to least privilege. Built-in policy sets start restrictive (
notrust); you open up only where a workflow requires it. - Make everything observable. Interactions produce audit events, turning a former blind spot into a visible, reportable record.
The controls
| Control | Reference |
|---|---|
| File-system trust and path rules | Trust Levels, File Access |
| Print routing and PDF output | Print Control |
| Clipboard direction and limits | Clipboard Governance |
| Identity and single sign-on | Identity Overview |
| Session limits and isolation | Session Limits |
| Audit and recording | Audit Events, Session Recording |
How this compares to RDP and VDI
RDP and VDI provide access but no control over file operations, no visibility into user activity, and no policy enforcement at the interaction layer. ACP provides access and control: granular file policies, complete audit visibility, and enforcement at every interaction — delivered browser-native with no client install.