Authorization (AuthZ) is the process where a Trustor Delegates a Permission to a Trustee to perform a privilege against a Target Resource.
Allowing an Entity to do something. (Thing Explainer)

Authorization is a Facet Of Building Trust

Authorization is the process of determining whether the Digital Identity which has been through the Authentication process has the Permission to access a specific Protected Resource as requested.

Authorization enforcement is performed by Access Control

Authorization and Authentication#

Authorization is usually only attempted following authentication, so that the Policy Enforcement Point has some Level Of Assurance about the Trustee that is attempting to access a Protected Resource.

Authorization does not always imply Authentication, as when Bearer Tokens are utilized. This is also true when a Hotel Key Card is utilized.
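The bearer-token case above, as an added example that is not part of the original page: a Policy Enforcement Point that decides from the Permission carried in a token and never establishes who presents it. The token format, the key and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret shared by the issuer and the Policy Enforcement Point.
KEY = b"constructed-demo-key"

def _mac(payload: bytes) -> bytes:
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest().encode()

def issue_token(resource, privilege, ttl, now=None):
    """Trustor delegates one Permission. Note the token names no Trustee."""
    now = time.time() if now is None else now
    payload = json.dumps({"res": resource, "priv": privilege, "exp": now + ttl}).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _mac(payload).decode()

def authorize(token, resource, privilege, now=None):
    """PEP decision based only on the Permission in the token, not on who presents it."""
    now = time.time() if now is None else now
    try:
        body, mac = token.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(body.encode())
    except ValueError:  # malformed token or bad base64
        return False
    if not hmac.compare_digest(mac.encode(), _mac(payload)):
        return False  # Permission was altered or not issued by the Trustor
    claims = json.loads(payload)
    return claims["res"] == resource and claims["priv"] == privilege and now < claims["exp"]

if __name__ == "__main__":
    card = issue_token("room-412", "open", ttl=60, now=1000)
    print(authorize(card, "room-412", "open", now=1010))  # any holder of the card
    print(authorize(card, "room-413", "open", now=1010))  # different Target Resource
    print(authorize(card, "room-412", "open", now=1061))  # after expiry
```

Because possession is the only check, the `exp` value bounds how long a lost or copied token remains usable.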


Authorization noun
  • the act of authorizing.
  • permission or power granted by an authority; sanction.
  • a legislative act authorizing money to be spent for government programs that specifies a maximum spending level without provision for actual funds.

In security engineering and computer security, authorization is the concept of allowing access to Resources only to those permitted to use them.[1]

A number of components are typically involved in an authorization process, including:


Consent vs Authorization#

Frankly, I cannot determine a difference (Consent vs Authorization) in Authorization and Authorized, Authorise or Authorization other than the noun vs verb thing.
There may be some narrow legal definitions (think HIPAA) that delineate differences between consent and authorization but in general, they are the same.

