Authorization or authorisation (see spelling differences), in information security, computer security and IAM (Identity and Access Management), is the function of specifying rights/privileges for accessing resources, in most cases through an access policy, and then deciding whether a particular subject has privilege to access a particular resource. Examples of subjects include human users, computer software and other hardware on the computer. Examples of resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications. For example, user accounts for human resources staff are typically configured with authorization for accessing employee records. Authorization is closely related to access control, which is what enforces the authorization policy by deciding whether access requests to resources from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Authorization should not be confused with authentication, which is the process of verifying someone's identity.


Overview

IAM consists of the following two phases: the configuration phase, where a user account is created and its corresponding access authorization policy is defined, and the usage phase, where user authentication takes place followed by access control to ensure that the user/consumer only gets access to resources for which they are authorized. Hence, access control in computer systems and networks relies on access authorization specified during configuration. Authorization is the responsibility of an authority, such as a department manager, within the application domain, but is often delegated to a custodian such as a system administrator. Authorizations are expressed as access policies in some type of "policy definition application", e.g. in the form of an access control list or a capability, or a policy administration point, e.g. XACML. Broken authorization is often listed as the number one risk in web applications. On the basis of the "principle of least privilege", consumers should only be authorized to access whatever they need to do their jobs, and nothing more. "Anonymous consumers" or "guests" are consumers that have not been required to authenticate. They often have limited authorization. On a distributed system, it is often desirable to grant access without requiring a unique identity. Familiar examples of access tokens include keys, certificates and tickets: they grant access without proving identity.


Implementation

A widely used framework for authorizing applications is OAuth 2. It provides a standardized way for third-party applications to obtain limited access to a user's resources without exposing their credentials. In modern systems, a widely used model for authorization is role-based access control (RBAC), where authorization is defined by granting subjects one or more roles, and then checking that the resource being accessed has been assigned at least one of those roles. However, with the rise of social media, relationship-based access control is gaining more prominence. Even when access is controlled through a combination of authentication and access control lists, the problem of maintaining the authorization data is not trivial, and often represents as much administrative burden as managing authentication credentials. It is often necessary to change or remove a user's authorization: this is done by changing or deleting the corresponding access rules on the system. Using atomic authorization is an alternative to per-system authorization management, where a trusted third party securely distributes authorization information.
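The two IAM phases from the Overview (configuration, then usage) and the RBAC check described above, as an added example that is not part of the original article: a constructed, deny-by-default role-based authorizer in which roles are granted and revoked per subject, each (resource, action) pair lists the roles allowed to perform it, and unauthenticated "guest" subjects receive only limited authorization. The subjects, resources and role names are invented for illustration.

```python
from dataclasses import dataclass, field

# Constructed example of a minimal role-based access control (RBAC) authorizer.
# Configuration phase: subjects are granted roles and each (resource, action)
# pair lists the roles permitted to perform it. Usage phase: is_authorized()
# is called after authentication has established who the subject is; an
# unauthenticated subject is passed as None and only gets the "guest" role.

@dataclass
class RbacPolicy:
    subject_roles: dict = field(default_factory=dict)   # subject -> {roles}
    resource_rules: dict = field(default_factory=dict)  # (resource, action) -> {roles}

    def grant_role(self, subject: str, role: str) -> None:
        self.subject_roles.setdefault(subject, set()).add(role)

    def revoke_role(self, subject: str, role: str) -> None:
        # Removing an authorization is done by deleting the matching rule.
        self.subject_roles.get(subject, set()).discard(role)

    def allow(self, resource: str, action: str, role: str) -> None:
        self.resource_rules.setdefault((resource, action), set()).add(role)

    def is_authorized(self, subject, resource: str, action: str) -> bool:
        roles = {"guest"} if subject is None else self.subject_roles.get(subject, set())
        needed = self.resource_rules.get((resource, action), set())
        # Least privilege: with no explicit rule there is no overlap, so deny.
        return bool(roles & needed)


def build_hr_policy() -> RbacPolicy:
    """Constructed sample policy mirroring the HR example in the text."""
    p = RbacPolicy()
    p.allow("employee_records", "read", "hr_staff")
    p.allow("employee_records", "write", "hr_staff")
    p.allow("public_docs", "read", "guest")
    p.allow("public_docs", "read", "hr_staff")
    p.grant_role("alice", "hr_staff")   # HR employee
    p.grant_role("bob", "engineer")     # no HR role: cannot read records
    return p


if __name__ == "__main__":
    policy = build_hr_policy()
    for subj, res, act in [("alice", "employee_records", "read"),
                           ("bob", "employee_records", "read"),
                           (None, "public_docs", "read")]:
        print(subj, res, act, "->", "granted" if policy.is_authorized(subj, res, act) else "denied")
```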


Related interpretations


Public policy

In public policy, authorization is a feature of trusted systems used for security or social control.


Banking

In banking, an authorization is a hold placed on a customer's account when a purchase is made using a debit card or credit card.


Publishing

In publishing, public lectures and other freely available texts are sometimes published without the approval of the author. These are called unauthorized texts. An example is the 2002 "The Theory of Everything: The Origin and Fate of the Universe", which was collected from Stephen Hawking's lectures and published without the permission that copyright law requires.


See also

* Access control
* Authorization hold
* Authorization OSID
* Kerberos (protocol)
* Multi-party authorization
* OAuth
* OpenID Connect
* OpenID
* Usability of web authentication systems
* WebFinger
* WebID
* XACML

