Overview#
Authorization (AuthZ) is the process where a Trustor delegates a Permission to a Trustee to perform a Privilege against a Target Resource, or, in Thing Explainer terms, allowing an Entity to do something.
Authorization is a Facet Of Building Trust
Authorization is the process of determining whether the Digital Identity which has been through the Authentication process has the Permission to access a specific Protected Resource as requested.
Authorization enforcement is performed by Access Control.
Authorization and Authentication#
Authorization is usually only attempted following Authentication, so that the Policy Enforcement Point has some Level Of Assurance about which Trustee is attempting to access a Protected Resource. Authorization does not always imply Authentication, however, as when Bearer Tokens are utilized. This is also true when a Hotel Key Card is utilized.
Definition[2]#
Authorization, noun:
- the act of authorizing.
- permission or power granted by an authority; sanction.
- a legislative act authorizing money to be spent for government programs that specifies a maximum spending level without provision for actual funds.
In security engineering and computer security, authorization is the concept of allowing access to Resources only to those permitted to use them.[1]
A number of components are typically involved in an authorization process, including:
- The Access Control system.
- The Permission system.
- The Policy.
Examples#
- A Door Key Card is a Bearer Token which provides Authorization to a Protected Door to any Entity that has possession of it.
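A minimal model of the delegation and enforcement described above, as an added example that is not part of this wiki: a Trustor delegates a Permission to a Trustee who must be authenticated before the Policy Enforcement Point will consult the grant, while a key card is a Bearer Token whose possession alone authorizes whoever presents it. The class and function names, and the sample subjects and resources, are assumptions made for illustration.

```python
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class Permission:
    """A Trustor delegates a privilege against a Target Resource to a Trustee."""
    trustor: str
    trustee: str
    privilege: str
    resource: str


class AuthorizationPolicy:
    """Policy Decision Point: delegated Permissions plus issued Bearer Tokens (key cards).
    Hypothetical class written for this example."""

    def __init__(self):
        self.grants = set()   # Permission records tied to a Trustee's identity
        self.key_cards = {}   # bearer token -> (privilege, resource); no identity attached

    def delegate(self, trustor, trustee, privilege, resource):
        self.grants.add(Permission(trustor, trustee, privilege, resource))

    def issue_key_card(self, privilege, resource):
        token = secrets.token_hex(16)  # unguessable: possession is the whole credential
        self.key_cards[token] = (privilege, resource)
        return token

    def revoke_key_card(self, token):
        # Revocation is the only remedy once a bearer token is lost or copied.
        self.key_cards.pop(token, None)

    def subject_authorized(self, trustee, privilege, resource):
        return any(g.trustee == trustee and g.privilege == privilege and g.resource == resource
                   for g in self.grants)

    def bearer_authorized(self, token, privilege, resource):
        return self.key_cards.get(token) == (privilege, resource)


def enforce(policy, privilege, resource, subject=None, authenticated=False, token=None):
    """Policy Enforcement Point (hypothetical helper). Bearer path: possession alone
    decides, so no Authentication step occurs. Identity path: the Trustee must already be
    authenticated, otherwise the PEP has no Level Of Assurance about who is asking and denies."""
    if token is not None:
        return policy.bearer_authorized(token, privilege, resource)
    if subject is not None and authenticated:
        return policy.subject_authorized(subject, privilege, resource)
    return False
```

The bearer path shows why a lost key card is a risk: the PEP cannot distinguish the intended holder from anyone else presenting the same token, so revocation and short token lifetimes are the controls that matter.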
Consent vs Authorization#
Frankly, I cannot determine a difference (Consent vs Authorization) in Authorization and Authorized, Authorise or Authorization other than the noun vs verb thing.
More Information#
- [#1] Authorization, based on data observed: 2010-05-18
- [#2] dictionary.com, based on data observed: 2010-05-18