Authorization






From Wikipedia, the free encyclopedia
 


Authorization or authorisation (see spelling differences) is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular.[1] More formally, "to authorize" is to define an access policy. For example, human resources staff are normally authorized to access employee records and this policy is often formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected).[2] Resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer software and other hardware on the computer.

Overview

Access control in computer systems and networks relies on access policies. The access control process can be divided into the following phases: a policy definition phase, where access is authorized, and a policy enforcement phase, where access requests are approved or disapproved. Authorization is the function of the policy definition phase, which precedes the policy enforcement phase, where access requests are approved or disapproved based on the previously defined authorizations.

Most modern, multi-user operating systems include role-based access control (RBAC) and thereby rely on authorization. Access control also uses authentication to verify the identity of consumers. When a consumer tries to access a resource, the access control process checks that the consumer has been authorized to use that resource. Authorization is the responsibility of an authority, such as a department manager, within the application domain, but is often delegated to a custodian such as a system administrator. Authorizations are expressed as access policies in some type of "policy definition application", e.g. in the form of an access control list or a capability, or a policy administration point, e.g. XACML. Under the "principle of least privilege", consumers should only be authorized to access whatever they need to do their jobs. Older and single-user operating systems often had weak or non-existent authentication and access control systems.

"Anonymous consumers" or "guests" are consumers that have not been required to authenticate. They often have limited authorization. On a distributed system, it is often desirable to grant access without requiring a unique identity. Familiar examples of access tokens include keys, certificates and tickets: they grant access without proving identity.

Trusted consumers are often authorized for unrestricted access to resources on a system, but must be verified so that the access control system can make the access approval decision. "Partially trusted" consumers and guests will often have restricted authorization in order to protect resources against improper access and usage. The access policy in some operating systems, by default, grants all consumers full access to all resources. Others do the opposite, insisting that the administrator explicitly authorize a consumer to use each resource.

Even when access is controlled through a combination of authentication and access control lists, the problem of maintaining the authorization data is not trivial, and often represents as much administrative burden as managing authentication credentials. It is often necessary to change or remove a user's authorization: this is done by changing or deleting the corresponding access rules on the system. Using atomic authorization is an alternative to per-system authorization management, where a trusted third party securely distributes authorization information.
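
The two phases described in this section, as an added example that is not part of the original article: a minimal access control list in Python with a definition phase (authorize, revoke) and an enforcement phase (decide), run under both default-deny and default-allow. The names AccessPolicy, GUEST, hr_staff, employee_records and job_postings are constructed for illustration.

```python
from dataclasses import dataclass, field

GUEST = "guest"  # constructed name for a consumer that has not authenticated


@dataclass
class AccessPolicy:
    """Access control list: (consumer, resource) -> set of permitted actions."""
    default_allow: bool = False  # False: nothing is allowed unless authorized
    rules: dict = field(default_factory=dict)

    # Policy definition phase: an authority records or withdraws authorizations.
    def authorize(self, consumer, resource, *actions):
        self.rules.setdefault((consumer, resource), set()).update(actions)

    def revoke(self, consumer, resource, *actions):
        entry = self.rules.get((consumer, resource))
        if entry is not None:
            entry.difference_update(actions)

    # Policy enforcement phase: approve or reject one access request.
    def decide(self, consumer, resource, action):
        consumer = consumer or GUEST  # unauthenticated requests act as the guest
        entry = self.rules.get((consumer, resource))
        if entry is None:
            return self.default_allow  # no rule: fall back to the system default
        return action in entry


def demo():
    """Run constructed requests against a default-deny and a default-allow policy."""
    strict = AccessPolicy(default_allow=False)
    strict.authorize("hr_staff", "employee_records", "read", "write")
    strict.authorize(GUEST, "job_postings", "read")
    out = {
        "hr_read": strict.decide("hr_staff", "employee_records", "read"),
        "guest_records": strict.decide(None, "employee_records", "read"),
        "guest_postings": strict.decide(None, "job_postings", "read"),
    }
    strict.revoke("hr_staff", "employee_records", "write")
    out["hr_write_after_revoke"] = strict.decide("hr_staff", "employee_records", "write")
    # Same rule under default-allow: the guest has no rule, so access is granted.
    permissive = AccessPolicy(default_allow=True)
    permissive.authorize("hr_staff", "employee_records", "read")
    out["guest_records_default_allow"] = permissive.decide(None, "employee_records", "read")
    return out


if __name__ == "__main__":
    for name, granted in demo().items():
        print(f"{name}: {'granted' if granted else 'rejected'}")
```

The last result shows why the system default matters: with identical rules, the unauthenticated request for employee_records is rejected under default-deny and granted under default-allow.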

Related interpretations

Public policy

In public policy, authorization is a feature of trusted systems used for security or social control.

Banking

In banking, an authorization is a hold placed on a customer's account when a purchase is made using a debit card or credit card.

Publishing

In publishing, sometimes public lectures and other freely available texts are published without the approval of the author. These are called unauthorized texts. An example is the 2002 'The Theory of Everything: The Origin and Fate of the Universe', which was collected from Stephen Hawking's lectures and published without his permission as per copyright law.[citation needed]

See also

  • Authorization hold
  • Authorization OSID
  • Kerberos (protocol)
  • Multi-party authorization
  • OpenID Connect
  • OpenID
  • Usability of web authentication systems
  • WebFinger
  • WebID
  • XACML

References

  1. Fraser, B. (1997), RFC 2196 – Site Security Handbook, IETF
  2. Jøsang, Audun (2017), A Consistent Definition of Authorization, Proceedings of the 13th International Workshop on Security and Trust Management (STM 2017)

Retrieved from "https://en.wikipedia.org/w/index.php?title=Authorization&oldid=1182982666"




    This page was last edited on 1 November 2023, at 15:13 (UTC).
