Overview#
Authorization (AuthZ) is the process where a Trustor Delegates a Permission to a Trustee to perform a privilege against a Target Resourceor
Allowing an Entity to do something. (Thing Explainer)
Authorization is a Facet Of Building Trust
Authorization is the process of determining whether the Digital Identity which has been through the Authentication process has the Permission to access a specific Protected Resource as requested.
Authorization enforcement is performed by Access Control
Authorization and Authentication#
Authorization is usually only attempted following authentication so that the Policy Enforcement Point has some Level Of Assurance of the Trustee is attempting to access a Protected Resource.Authorization does not always imply Authentication as when Bearer Tokens are utilized. This is also true when a Hotel Key Card is utilized.
Definition[2]#
Authorization noun- the act of authorizing.
- permission or power granted by an authority; sanction.
- a legislative act authorizing money to be spent for government programs that specifies a maximum spending level without provision for actual funds.
In security engineering and computer security, authorization is the concept of allowing access to Resources only to those permitted to use them.[1]
A number of components are typically be involved in an authorization process, including:
- The Access Control system.
- The Permission system.
- The Policy.
Examples#
- Door Key Card is a Bearer Token which provides Authorization to a Protected Door to any Entity which has possession.
Consent vs Authorization#
Frankly, I can not determine a difference (Consent vs Authorization) in Authorization and Authorized, Authorise or Authorization other than the noun vs verb thing.
There maybe some narrow legal definitions (think HIPAA) that delineate differences between consent and authorization but in general, they are the same.
More Information#
There might be more information for this subject on one of the following:- ACDC Grant type
- ACE-OAuth
- API-Gateway
- About
- Acceptable Use
- Access Control
- Access Control Engine
- Access Control Policy
- Access Proxy
- Access Token
- Access Token Validation
- Adaptive Policy-based Access Management
- Apache Web Server and LDAP
- Apple ID
- Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
- Attribute Certificate
- AuthZ
- Authentication
- Authentication Agent
- Authentication Context Class Reference
- Authentication Request
- Authentication, Authorization and Accounting (AAA) Transport Profile
- Authorization
- Authorization API
- Authorization Code
- Authorization Code Flow
- Authorization Gesture
- Authorization Header
- Authorization Response
- Authorization_endpoint
- Authorized
- Basic Authentication Scheme
- Beneficiary
- Best Practices OpenID Connect
- Best Practices for LDAP Security
- BeyondCorp
- Bind Request
- Bob Blakley
- Certificate
- Claim
- Cloud Access Security Broker
- Computer Fraud and Abuse Act
- Consensus
- Consent
- Consent Dialog
- Consent Mechanism
- Consent vs Authorization
- Context Provider
- Contextual Attributes
- Credential
- Custodian
- DIAMETER
- DID Authentication
- DID Document
- Data Accuracy
- Data Classification
- Data Origin
- Data Ownership
- Data Privacy
- Data Processor
- Delegation
- Diffie-Hellman or RSA
- Digital Identity
- DirX Access
- Dynamic Authorization Management
- Eavesdropper
- Edward Snowden
- Encryption
- Enterprise Directory
- Entitlement Management System
- Essential Claim
- Extranet
- FAPI Pushed Request Object
- Fast Healthcare Interoperability Resources
- Federal Risk and Authorization Management Program
- Federated Authorization for UMA 2.0
- Front-End Processors
- Glossary Of LDAP And Directory Terminology
- Google Cloud IAM
- Grant
- Grant Negotiation and Authorization Protocol
- Grant Types
- HIPAA Privacy Rule
- HTTP 407
- IAM Charter
- IDM The Application Developers Dilemma
- IDSA Integration Framework
- Ian Glazer
- Identity Aware Proxy
- Identity Broker
- Identity Governance and Administration
- Identity State
- IdentityServer
- Implicit Grant
- Incremental authorization
- Industry 4.0
- Information security
- Internet User Authorization
- Invalid_grant
- JSPWiki Roles and Groups
- Java Authentication and Authorization Service
- Java KeyStore
- John Bradley
- Jurisdiction
- Kerberos
- Kerberos Error Codes
- LDAP Proxy User
- LDAP for Linux and Unix Clients
- Law of agency
- LeftMenu
- Liberty Alliance
- License
- Local Security Authority
- Logical Access Control
- Macaroons
- Main
- Mandatory Access Control
- Merchant Category Code
- Microservice
- Mobile Operator Discovery, Registration & Authentication
- Mod_auth_openidc
- NIST.SP.800-207
- Neo-Security Stack
- OAuth
- OAuth 2.0
- OAuth 2.0 Actors
- OAuth 2.0 Authorization
- OAuth 2.0 Client Registration
- OAuth 2.0 Device Authorization Grant
- OAuth 2.0 Incremental Authorization
- OAuth 2.0 JWT Secured Authorization Request
- OAuth 2.0 NOT an Authentication protocol
- OAuth 2.0 Software Statement
- OAuth 2.0 Token Introspection
- OAuth 2.0 Vulnerabilities
- OAuth Scope Example
- OXD
- Oauth.xyz
- Offline Authorization
- OpenAM
- OpenID Connect Client Initiated Backchannel Authentication Flow
- OpenPDS
- Payment Services Directive
- Permission
- Permissionless System
- Persisted Claims Token
- PoP
- Policy Administration Point
- Policy Based Management System
- Policy Decision Point
- Policy Retrieval Point
- Privacy Considerations
- Privilege
- Privilege Conflict
- Privilege Management
- Privilege Management Infrastructure
- Protected Health Information
- Protection API Token
- Proxied Authorization Control
- Proxy
- RFC 2904
- RFC 5755
- RFC 6750
- RFC 7208
- Redirect_uri
- Refresh Token
- Registration_endpoint
- Remote Authentication Dial-In User Service
- Resource Access Control Facility
- Resource Inventory Service
- SAML Holder of Key
- SCIM
- Scopes vs Claims
- Security Controls For This Wiki
- Security Domain
- Security Token
- Security Token Service
- Security-constraint
- Sensitive Authentication Data
- Service Account
- Session Management
- Simple Authentication
- Single Sign-On
- Single Sign-On Scenarios
- Smart-On-FHIR profile
- Social Login
- Social contract
- Subscriber Identification Module
- System Authorization Facility
- System for Cross-domain Identity Management
- ThisWilki
- Ticket
- Token
- Token Storage
- Treatment, Payment and Health care Operations
- Trust
- Trustee
- Trustor
- Unauthorized
- User-Managed Access
- Virtual Authenticator
- Visa
- Vulnerability
- WEB Access Management
- Web Blog_blogentry_010117_1
- Web Blog_blogentry_020816_1
- Web Blog_blogentry_030117_1
- Web Blog_blogentry_031017_1
- Web Blog_blogentry_070817_1
- Web Blog_blogentry_120218_1
- Web Blog_blogentry_140615_1
- Web Blog_blogentry_200217_2
- Web Blog_blogentry_231215_1
- Web Blog_blogentry_250816_1
- Web Blog_blogentry_260715_1
- WebAuthn Extension Identifiers
- WebID
- WebSEAL
- Which Jane Doe
- Who Am I Extended Operation
- Why Access Tokens
- Why OAuth 2.0
- Why OpenID Connect
- Windows Hello
- XACML
- Yadis
- [#1] - Authorization
- based on data observed:2010-05-18
- [#2] - dictionary.com - based on data observed:2010-05-18
