Home · About · A-Z Index · Search · Contacts · Press · Register · Login

Security Forum


Return to Security home page
Current work:

- Managers Guides

- MGIS

- Data Privacy

- PKI

- Guide to PKI

- Identity Mgt

- Access Control

- Security Patterns

- Secure Messaging

Strategy/Roadmap

Useful links:

Security topics

Info sources

Liaisons

How we work

Open Group Security Standards/Guides

Authorization

Both authentication and authorization are traditional computer security techniques, allowing known users access to the areas they are permitted to use, and denying them access to areas for which they are not assigned rights. The granting of rights (the authorization) applies to programs and processes, not just to users.

The Security Program Group has published an Authorization API (C908), January 2000.

A generally accepted definition of Authorization is "the granting of access rights to a subject (for example as user or a program)." Within this definition, we need to distinguish between the administrative act of asserting that a subject should be granted access rights (termed "privilege attributes"), and the operational act of allowing a subject to access a resource after determining that they hold the required set of privilege attributes. The Authorization API Technical Standard C908 defines a generic application programming interface for access control, in systems whose access control facilities conform to the architectural framework described in International Standard ISO 10181-3 (Access control framework). The API defined in C908 does not provide for privilege attribute administration, although it does provide facilities which allow a subject to control which of its privilege attributes are used to authorize a particular access request - such facilities are often called "least privilege".

The work on the Authorization API took forward an earlier significant piece of work - the Distributed Security Framework (XDSF) - and follows the roadmap laid down by The Open Group's Architectural Framework (TOGAF).

Send email to the Authorization Services development list.

 


Home · Contacts · Legal · Copyright · Members · News
© The Open Group 1995-2015