Encyclopedia > Authorization

  Article Content

Authorization

In security engineering, authorization is the process by which an entity attempts to confirm that another entity is allowed to access a resource.

The problem of authorization is often considered to be identical to that of authentication: however, there are many cases in which these two problems are different.

For example, it is often desirable to grant access without requiring a unique identity. Familiar examples of authorization tokens[?] include keys and tickets: they grant access without proving identity.

Even when authorization is performed by using a combination of authentication and access control lists, the problems of maintaining the access control lists is non-trivial, and often represents as much administrative burden as proving the necessary user identities. It is often desirable to remove a user's authorization: to do this with access control lists requires that the lists be updateable. Attacking the access control list updates can then compromise the entire system, and if any update is needed, communication systems are required, together with additional authorization and security systems to protect the access control list updates.

It may also be desired to grant authorization in a way that is irrevocable: this is hard to do with access control list systems.

much more needs to be written

See also:



All Wikipedia text is available under the terms of the GNU Free Documentation License

 
  Search Encyclopedia

Search over one million articles, find something about almost anything!
 
 
  
  Featured Article
USS Adams (1799)

... Mediterranean prompted Washington to order his recall and he sailed for home in Adams on 25 September. The frigate carried Morris to Washington and was placed in ordinary at ...