Authorization


Authorization

In security engineering and computer security, authorization is the concept of allowing access to resources only to those permitted to use them. More formally, authorization is a process (often part of the operating system) that protects computer resources by only allowing those resources to be used by resource consumers that have been granted authority to use them. Resources include individual files' or items' data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer programs and other devices on the computer. Authorization (deciding whether to grant access) is a separate concept to authentication (verifying identity), and usually dependent on it.

Overview

The authorization process is used to decide if person, program or device X is allowed to have access to data, functionality or service Y.

Most modern, multi-user operating systems include an authorization process. This makes use of the Authentication#Computer_security process to identify consumers. When a consumer tries to use a resource, the authorization process checks that the consumer has been granted permission to use that resource. Permissions are generally defined by the computer's system administrator in some type of "security policy application", such as an access control list or a capability, on the basis of the "principle of least privilege": consumers should only be granted permissions they need to do their jobs. Older and single user operating systems often had weak or non-existent authentication and authorization systems.

"Anonymous consumers" or "guests", are consumers that have not been required to authenticate. They often have very few permissions. On a distributed system, it is often desirable to grant access without requiring a unique identity. Familiar examples of authorization tokens include keys and tickets: they grant access without proving identity.

There is the concept of "trusted" consumers. Consumers that have authenticated and are indicated as trusted are allowed unrestricted access to resources. "Partially trusted" and guests are subject to authorization for their use of protected resources. The security policy applications of some operating systems, by default, grant full access to all consumers to all resources. Others do the opposite, insisting that the administrator takes deliberate action to enable a consumer to use each resource.

Even when authorization is performed by using a combination of authentication and access control lists, the problems of maintaining the security policy data is not trivial, and often represents as much administrative burden as proving the necessary user identities. It is often desirable to remove a user's authorization: to do this with security policy application requires that the data be updateable.

Public policy

In public policy, authorization is a feature of trusted systems used for security or social control.

Banking

In banking, an authorization is a hold placed on a customer's account when a purchase is made using a debit card or credit card.

Publishing

In publishing, sometimes public lectures and other freely available texts are published without the consent of the author. These are called unauthorized texts. An example is the 2002 " " ", which was collected from Stephen Hawking's lectures and published without his permission.

ee also

* Security engineering
* Computer security
* Authentication
* Access control
* Kerberos (protocol)
* Operating system
* Authorization OSID
* Authorization hold
* XACML


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Authorization — Au thor*i*za tion, n. [Cf. F. autorisation.] The act of giving authority or legal power; establishment by authority; sanction or warrant. [1913 Webster] The authorization of laws. Motley. [1913 Webster] A special authorization from the chief.… …   The Collaborative International Dictionary of English

  • authorization — index appointment (act of designating), approval, assent, assignment (designation), brevet, capacity (authority) …   Law dictionary

  • authorization — (n.) c.1600, noun formed from AUTHORIZE (Cf. authorize) + ATION (Cf. ation). Earlier form was auctorisation (late 15c.) …   Etymology dictionary

  • authorization — (Amer.) au·thor·i·za·tion || ‚ɔːθəraɪ zeɪʃn n. official permission; permit; empowerment; mandate; consent (also authorisation) …   English contemporary dictionary

  • authorization — [ô΄thər i zā′shən] n. 1. an authorizing or being authorized 2. legal power or right; sanction …   English World dictionary

  • authorization — (BrE also isation) noun ADJECTIVE ▪ formal, official, written ▪ congressional (in the US) ▪ They secured congressional authorization for a new hydro electric dam. ▪ …   Collocations dictionary

  • authorization — n. 1) to give, grant authorization 2) to receive authorization 3) to revoke smb. s authorization 4) official authorization 5) authorization for 6) (the) authorization to + inf. (we received authorization to begin demolition) * * * [ˌɔːθəraɪ… …   Combinatory dictionary

  • authorization — authorize au‧thor‧ize [ˈɔːθəraɪz ǁ ˈɒː ] also authorise verb [transitive] to give official or legal permission for something: • The board has authorized the buy back of 85,000 shares. • The bill would authorize $850 million a year in grants to… …   Financial and business terms

  • authorization — The giving of approval or permission. Authorization is central to many of the *internal controls found in modern organizations, from the making of *disbursements to the hiring of employees. Authorization can be effected through written signatures …   Auditor's dictionary

  • authorization — UK [ˌɔːθəraɪˈzeɪʃ(ə)n] / US [ˌɔθərɪˈzeɪʃ(ə)n] noun [countable/uncountable] Word forms authorization : singular authorization plural authorizations a) official permission to do something The action was taken without the authorization of the… …   English dictionary


We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.