Authorization

Authorization refers to the process of determining what actions an authenticated user, device, or system is allowed to perform on a particular resource (e.g. files, data, systems). This process helps to ensure that users are only able to access the resources that they need to perform their work, and that sensitive information and systems are protected from unauthorized access and modification.

Authorization is typically implemented through access control policies, which specify which users, devices, or systems are allowed to perform which actions on which resources. These policies may be based on factors such as user role, location, time of day, or other criteria.

Authorization can also be based on other security controls, such as firewalls, intrusion detection systems, and data encryption, which help to further secure resources and systems.

By controlling and limiting access to resources, authorization helps to maintain the confidentiality, integrity, and availability of sensitive information and systems, and helps to prevent unauthorized access, theft, and tampering.

Authorization

Related Terms

Policy Decision Point (PDP)

Policy Enforcement Point (PEP)

Policy Administration Point (PAP)

Back-channel logout

Front-channel logout

cname (Canonical Name)

Signed Header

Continuous Verification

LDAP (Lightweight Directory Access Protocol)

OWASP (Open Web Application Security Project)