|
In security engineering and computer security, authorization, is a part of the operating system that protects computer resources by only allowing those resources to be used by resource consumers that have been granted authority to use them. Resources include individual files or items data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer programs and other devices on the computer. Security engineering is the field of engineering dealing with the security and integrity of real-world systems. ...
Computer security is the effort to create a secure computing platform, designed so that agents (users or programs) can only perform actions that have been allowed. ...
In computing, an operating system (OS) is the system software responsible for the direct control and management of hardware and basic system operations. ...
A datum is a statement accepted at face value (a given). Data is the plural of datum. ...
A computer program (often simply called a program) is an example of computer software that prescribes the actions (computations) that are to be carried out by a computer. ...
A Device can be taken to mean: an electrical device designed to carry power, but not use it. ...
Application has the following meanings: In general, an application is using something general to some more conrete. ...
The authorization process is used to decide if person, program or device X is allowed to have access to data, functionality or service Y.
Most modern, multi-user operating systems include an authorization process. This makes use of the authentication process to identify consumers. When a consumer tries to use a resource, the authorization process checks that the consumer has been granted permission to use that resource. Permissions are generally defined by the computer's system administrator in some types of "security policy application", such as an access control list, on the basis "least privilege": consumers should only be granted permissions they need to to their jobs. Older and single user operating systems often had weak or non-existent authentication and authorization systems. In computer security, authentication (Greek: αυθεντικός, from authentes=author) is the process by which a computer, computer program, or another user attempts to confirm that the computer, computer program, or user from whom the second party has received some communication is, or is not, the claimed first party. ...
Identification can mean The act of identifying. ...
The term system administrator (abbreviation: sysadmin) designates a job position of engineers involved in computer systems. ...
The access control list (ACL) is a concept in computer security, used to enforce privilege separation. ...
"Anonymous consumers" or "guests", are consumers that have not been required to authenticate. They often have very few permissions. On a distributed system, it is often desirable to grant access without requiring a unique identity. Familiar examples of authorization tokens include keys and tickets: they grant access without proving identity. This page deals with mathematical distributions. ...
There is the concept of "trusted" consumers. Consumers that have authenticated and are indicated as trusted are allowed unrestricted access to resources. "Partially trusted" and guests are subject to authorization for their use of protected resources. The security policy applications of some operating systems, by default, grant full access to all consumers to all resources. Others do the opposite, insisting that the administrator takes deliberate action to enable a consumer to use each resource.
Even when authorization is performed by using a combination of authentication and access control lists, the problems of maintaining the security policy data is not trivial, and often represents as much administrative burden as proving the necessary user identities. It is often desirable to remove a user's authorization: to do this with security policy application requires that the data be updateable.
See also:
|
Feeds |
Contact