iPedia Free Information Center

Information about Authorization

Authorized redirects here see Authorized (horse) for the 2007 Epsom Derby winner
In security engineering and computer security, authorization is a part of the operating system that protects computer resources by only allowing those resources to be used by resource consumers that have been granted authority to use them. Resources include individual files or items data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer programs and other devices on the computer.

Overview

The authorization process is used to decide if person, program or device X is allowed to have access to data, functionality or service Y.

Most modern, multi-user operating systems include an authorization process. This makes use of the authentication process to identify consumers. When a consumer tries to use a resource, the authorization process checks that the consumer has been granted permission to use that resource. Permissions are generally defined by the computer's system administrator in some types of "security policy application", such as an access control list or a capability, on the basis of the "principle of least privilege": consumers should only be granted permissions they need to do their jobs. Older and single user operating systems often had weak or non-existent authentication and authorization systems.

"Anonymous consumers" or "guests", are consumers that have not been required to authenticate. They often have very few permissions. On a distributed system, it is often desirable to grant access without requiring a unique identity. Familiar examples of authorization tokens include keys and tickets: they grant access without proving identity.

There is the concept of "trusted" consumers. Consumers that have authenticated and are indicated as trusted are allowed unrestricted access to resources. "Partially trusted" and guests are subject to authorization for their use of protected resources. The security policy applications of some operating systems, by default, grant full access to all consumers to all resources. Others do the opposite, insisting that the administrator takes deliberate action to enable a consumer to use each resource.

Even when authorization is performed by using a combination of authentication and access control lists, the problems of maintaining the security policy data is not trivial, and often represents as much administrative burden as proving the necessary user identities. It is often desirable to remove a user's authorization: to do this with security policy application requires that the data be updateable.

Public policy

In public policy, authorization is a feature of trusted systems used for security or social control.

Banking

In banking, an authorization is a hold placed on a customer's account when a purchase is made using a debit card or credit card.

See also

Authorized (born 2004) is an Irish-bred and British-trained Thoroughbred racehorse, winner of the 2007 Epsom Derby.

Birth, pedigree and sales

Authorized was foaled on 14 February 2004 and was sired by Montjeu, winner of the Irish Derby Stakes, Prix du Jockey Club
..... Click the link for more information.
    Good
  • 17 ran
  • Winner's time: 2m 34.77s
  • Winner's prize: £709,750

* Horse Jockey Trainer SP
1 Authorized Frankie Dettori Peter Chapple-Hyam 5/4 fav
2
..... Click the link for more information.
Security engineering is the field of engineering dealing in developing detailed engineering designs for security systems and for security of spaces. It is similar to systems engineering in that its motivation is to make a system meet requirements, but with the added dimension of
..... Click the link for more information.
Computer security is a branch of information security applied to both theoretical and actual computer systems. Computer security is a branch of computer science that addresses enforcement of 'secure' behavior on the operation of computers.
..... Click the link for more information.
An operating system (OS) is the software that manages the sharing of the resources of a computer. An operating system processes system data and user input, and responds by allocating and managing tasks and internal system resources as a service to users and programs of the
..... Click the link for more information.
For other uses, see Data (disambiguation).


Debt, AIDS, Trade in Africa (or DATA) is a multinational non-government organization founded in January 2002 in London by U2's Bono along with Bobby Shriver and activists from the Jubilee 2000 Drop
..... Click the link for more information.
A computer program is one or more instructions that are intended for execution by a computer. Specifically, it is a symbol or combination of symbols forming an algorithm that may or may not terminate, and that algorithm is written in a programming language.
..... Click the link for more information.
Device may refer to:

Computing and electronics

  • Computer hardware
  • Peripheral device, any device attached to a computer that expands its functionality
  • Device file, an interface for a device driver

..... Click the link for more information.
Application software is a subclass of computer software that employs the capabilities of a computer directly and thoroughly to a task that the user wishes to perform. This should be contrasted with system software which is involved in integrating a computer's various capabilities,
..... Click the link for more information.
Authentication (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true.
..... Click the link for more information.
Identification can mean
  • Identification (psychoanalysis)
  • Recognition of human individuals
  • An identity document
  • Identification (information)
  • Identification (parameter), in statistics and econometrics, how parameters can be inferred from data

..... Click the link for more information.
A system administrator, systems administrator, or sysadmin, is a person employed to maintain, and operate a computer system or network. System administrators may be members of an information technology department.
..... Click the link for more information.
In computer security, an access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.
..... Click the link for more information.
In computer science and other fields the principle of minimal privilege, also known as the principle of least privilege or just least privilege, requires that in a particular abstraction layer of a computing environment every module (such as a process, a user or a
..... Click the link for more information.
Token may refer to:
  • Token (railway signalling), a physical object given to a locomotive driver to authorize him to use a particular stretch of single railway track
  • Token coins, a piece of metal or other composition used as a substitute for currency

..... Click the link for more information.
policy is a deliberate plan of action to guide decisions and achieve rational outcome(s). The term may apply to government, private sector organizations and groups, and individuals.
..... Click the link for more information.
In the security engineering subspecialty of computer science, a trusted system is a system that is relied upon to a specified extent to enforce a specified security policy. As such, a trusted system is one which failure may break a specified security policy.
..... Click the link for more information.
Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. The nuance between the two is an added emphasis on being protected from dangers that originate from outside.
..... Click the link for more information.
Social control refers to social mechanisms that regulate individual and group behavior, leading to conformity and compliances to the rules of a given society or social group.
..... Click the link for more information.
bank is a commercial or state institution that provides financial services , including issuing money in various forms, receiving deposits of money, lending money and processing transactions and the creating of credit.
..... Click the link for more information.
Authorization hold (also card authorisation, preauthorization, or preauth) is the practice within the banking industry of authorizing electronic transactions done with a debit card or credit card and holding this balance as unavailable either until the merchant
..... Click the link for more information.
This article may be too long.
Please discuss this issue on the talk page and help summarize or split the content into subarticles of an article series.

A debit card is a plastic card which provides an alternative payment method to cash when making purchases.
..... Click the link for more information.


A credit card is a system of payment named after the small plastic card issued to users of the system. A credit card is different from a debit card in that it does not remove money from the user's account after every transaction.
..... Click the link for more information.
Security engineering is the field of engineering dealing in developing detailed engineering designs for security systems and for security of spaces. It is similar to systems engineering in that its motivation is to make a system meet requirements, but with the added dimension of
..... Click the link for more information.
Computer security is a branch of information security applied to both theoretical and actual computer systems. Computer security is a branch of computer science that addresses enforcement of 'secure' behavior on the operation of computers.
..... Click the link for more information.
Authentication (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true.
..... Click the link for more information.
access control refers to the practice of restricting entrance to a property, a building, or a room to authorized persons. Physical access control can be achieved by a human (a guard, bouncer, or receptionist), through mechanical means such as locks and keys, or through
..... Click the link for more information.
Kerberos is the name of a computer network authentication protocol, which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner.
..... Click the link for more information.
An operating system (OS) is the software that manages the sharing of the resources of a computer. An operating system processes system data and user input, and responds by allocating and managing tasks and internal system resources as a service to users and programs of the
..... Click the link for more information.
The Authorization Open Service Interface Definition (OSID) is an O.K.I. specification which provides the means to define who is authorized to do what, when. OSIDs
..... Click the link for more information.


This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.
Herod_Archelaus


page counter