Authorization

Authorization or authorisation (see spelling differences) is the function of specifying rights/privileges for accessing resources, which is related to general information security and computer security, and to IAM (Identity and Access Management) in particular. More formally, "to authorize" is to define an access policy during the configuration of systems and user accounts. For example, user accounts for human resources staff are typically configured with authorization for accessing employee records, and this policy gets formalized as access control rules in a computer system. Authorization must not be confused with access control. During usage, access control enforces the authorization policy by deciding whether access requests to resources from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer software and other hardware on the computer.

Overview

IAM consists of the following two phases: the configuration phase, where a user account is created and its corresponding access authorization policy is defined, and the usage phase, where user authentication takes place followed by access control to ensure that the user/consumer only gets access to resources for which they are authorized. Hence, access control in computer systems and networks relies on access authorization specified during configuration.

Most modern, multi-user operating systems include role-based access control (RBAC), where authorization is implicitly defined by the roles. User authentication is the process of verifying the identity of consumers. When an authenticated consumer tries to access a resource, the access control process checks that the consumer has been authorized to use that resource. Authorization is the responsibility of an authority, such as a department manager, within the application domain, but is often delegated to a custodian such as a system administrator. Authorizations are expressed as access policies in some type of "policy definition application", e.g. in the form of an access control list or a capability, or a policy administration point, e.g. XACML. On the basis of the "principle of least privilege", consumers should only be authorized to access whatever they need to do their jobs. Older and single-user operating systems often had weak or non-existent authentication and access control systems.

"Anonymous consumers" or "guests" are consumers that have not been required to authenticate. They often have limited authorization. On a distributed system, it is often desirable to grant access without requiring a unique identity. Familiar examples of access tokens include keys, certificates and tickets: they grant access without proving identity.

Trusted consumers are often authorized for unrestricted access to resources on a system, but must be verified so that the access control system can make the access approval decision. "Partially trusted" consumers and guests will often have restricted authorization in order to protect resources against improper access and usage. The access policy in some operating systems, by default, grants all consumers full access to all resources. Others do the opposite, insisting that the administrator explicitly authorizes a consumer to use each resource.

Even when access is controlled through a combination of authentication and access control lists, the problem of maintaining the authorization data is not trivial, and often represents as much administrative burden as managing authentication credentials. It is often necessary to change or remove a user's authorization: this is done by changing or deleting the corresponding access rules on the system. Using atomic authorization is an alternative to per-system authorization management, where a trusted third party securely distributes authorization information.

Related interpretations

Public policy

In public policy, authorization is a feature of trusted systems used for security or social control.

Banking

In banking, an authorization is a hold placed on a customer's account when a purchase is made using a debit card or credit card.

Publishing

In publishing, sometimes public lectures and other freely available texts are published without the approval of the author. These are called unauthorized texts. An example is the 2002 'The Theory of Everything: The Origin and Fate of the Universe', which was collected from Stephen Hawking's lectures and published without his permission as per copyright law.

See also

Access control
Authorization hold
Authorization OSID
Kerberos (protocol)
Multi-party authorization
OAuth
OpenID Connect
OpenID
Usability of web authentication systems
WebFinger
WebID
XACML
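The Overview describes IAM as a configuration phase (accounts and their access policy are defined) followed by a usage phase (authentication, then access control decides each request), and contrasts role-based policies and access control lists with capability tokens that grant access without proving identity. The following Python program is an added example written for this page, not code from the article or from any product it mentions: every account name, password, role, resource and the HMAC key are constructed for the demonstration. It shows both phases, a default-deny ACL keyed by RBAC roles, a bearer ticket that carries no identity, and how revoking a role (deleting the corresponding rule) removes a user's authorization.

```python
"""Added example (not from the article): the two IAM phases from the Overview.

Configuration phase: accounts, roles and the access policy are defined.
Usage phase: a consumer authenticates, then access control decides each request
against that policy (default deny). A capability ticket shows access granted
without proving identity, and revoke_role() shows authorization being removed
by deleting the corresponding rule. All names, passwords and keys are constructed.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Set, Tuple

# Constructed server secret for signing capability tickets (hypothetical value).
_SERVER_KEY = b"constructed-hmac-key-for-the-example"


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# ---------------- Configuration phase ----------------

def make_accounts(users: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """Create user accounts: name -> (salt, password hash)."""
    accounts = {}
    for name, password in users.items():
        salt = os.urandom(16)
        accounts[name] = (salt, _hash_password(password, salt))
    return accounts


ACCOUNTS = make_accounts({"alice": "hr-pass", "bob": "eng-pass"})  # constructed users

# RBAC: a user's authorization is implied by the roles assigned to the account.
USER_ROLES: Dict[str, Set[str]] = {"alice": {"hr_staff"}, "bob": {"engineer"}}

# Access control list per resource: role -> permitted actions.
# Anything not listed is denied, i.e. the "explicitly authorize each resource" default.
ACL: Dict[str, Dict[str, Set[str]]] = {
    "employee_records": {"hr_staff": {"read", "write"}},
    "source_code": {"engineer": {"read", "write"}},
}


def revoke_role(user: str, role: str) -> None:
    """Removing a user's authorization means deleting the corresponding access rule."""
    USER_ROLES.get(user, set()).discard(role)


# ---------------- Usage phase ----------------

def authenticate(name: str, password: str) -> Optional[str]:
    """Verify identity; return the user name on success, None otherwise."""
    entry = ACCOUNTS.get(name)
    if entry is None:
        return None
    salt, stored = entry
    if hmac.compare_digest(stored, _hash_password(password, salt)):
        return name
    return None


def is_authorized(user: str, resource: str, action: str) -> bool:
    """Access control decision: granted only if one of the user's roles lists the action."""
    resource_acl = ACL.get(resource, {})
    return any(action in resource_acl.get(role, set()) for role in USER_ROLES.get(user, set()))


def access(name: str, password: str, resource: str, action: str) -> bool:
    """Full usage-phase flow: authentication first, then the access control check."""
    user = authenticate(name, password)
    return user is not None and is_authorized(user, resource, action)


# ---------------- Capability tickets: access without proving identity ----------------

def issue_capability(resource: str, action: str) -> str:
    """A bearer ticket for one (resource, action) pair; it names no user."""
    payload = f"{resource}:{action}"
    tag = hmac.new(_SERVER_KEY, payload.encode(), "sha256").hexdigest()
    return f"{payload}:{tag}"


def capability_allows(token: str, resource: str, action: str) -> bool:
    """Accept the ticket only if its MAC verifies and it names exactly this resource/action."""
    parts = token.split(":")
    if len(parts) != 3:
        return False
    tok_resource, tok_action, tag = parts
    expected = hmac.new(_SERVER_KEY, f"{tok_resource}:{tok_action}".encode(), "sha256").hexdigest()
    return (hmac.compare_digest(tag.encode(), expected.encode())
            and tok_resource == resource and tok_action == action)


if __name__ == "__main__":
    print(access("alice", "hr-pass", "employee_records", "read"))   # True
    print(access("alice", "hr-pass", "source_code", "read"))        # False
    ticket = issue_capability("employee_records", "read")
    print(capability_allows(ticket, "employee_records", "write"))   # False
```

The split between `authenticate()` and `is_authorized()` is the point the article makes: authentication only establishes who the consumer is, while the access decision comes from the policy defined during configuration. The ACL is consulted with a default of deny, so a resource or role that was never listed yields no access, and the capability path shows the other model from the text, where a valid ticket is sufficient and no identity is ever checked.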