Authorization (Dictionary Entry)
Contexts | Computer Science, IAM |
---|---|
Term | Authorization |
Alternative Forms | To authorize Verb |
Definitions | The granting of privileges that govern what an authority allows an entity (or its identity representation) to do. More precisely, we may distinguish:
|
Related Terms |
|
Quotes
Access privileges that are granted to an entity that convey an “official” sanction to perform a security function or activity.
(Barker, 2020, p. 7)
Authorization
When an account is created, it is often necessary to specify what the account can do, in the form of privileges. We use the term authorization for the granting of privileges that govern what an account is allowed to do.
When Alice creates her online account, the bank authorizes her account to access the application to view checking accounts. If she does not have a brokerage account at the bank, her account would not be authorized to access the bank’s stock trading application. Needless to say, her account would also not be authorized to view account information for the bank’s other customers! Alice’s authorization indicates the privileges her account has been granted. Authorization for an account is typically done at the time an account is created and may be updated over time.
(Wilson and Hingnikar, 2019, p. 12)
Authorization is the process of determining the privileges the user or system is entitled to once the identity is established. In the context of digital services, authorization usually follows the authentication step and is used to determine whether the user or service has the necessary privileges to perform certain operations—in other words, authorization is the process of enforcing policies.
(Mather et al., 2009, p. 77)
authorization A process by which users, having completed an *authentication stage, gain or are denied access to particular resources based on their entitlement.
(Butterfield et al., 2016, p. 160)
Authorisation – What the Identity can do, in a given instance, as a result of proving an assertion.
Authorize
To grant a principal access to certain information.
Bibliography
See Also
-
Alaga and Wan, 2008 (Bibliography)
-
Authorization (Dictionary Entry) (Dictionary)
-
Authorization Externalization (Dictionary)
-
AuthZ (Dictionary)
-
-
Capability (Dictionary Entry) (Dictionary)
-
Fernandez and Pan, 2001 (Bibliography)
-
NIST SP 800-162, 2014 (Bibliography)
-
-
Ruiz, 2018 (Bibliography)
-
Saracino and Mori, 2020 (Bibliography)
-
Williamson, 2020 (Bibliography)
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.