In security engineering and computer security, authorization is the concept of allowing access to resources only to those permitted to use them. Security engineering is a specialized field of Engineering that deals with the development of detailed engineering plans and designs for security features controls and systems This article describes how security can be achieved through design and engineering More formally, authorization is a process (often part of the operating system) that protects computer resources by only allowing those resources to be used by resource consumers that have been granted authority to use them. An operating system (commonly abbreviated OS and O/S) is the software component of a Computer system that is responsible for the management and coordination Resources include individual files' or items' data, computer programs, computer devices and functionality provided by computer applications. Debt AIDS Trade in Africa (or DATA) is a Multinational non-government organization founded in January 2002 in London by U2 's Computer programs (also software programs, or just programs) are instructions for a Computer. Typical PC hardware A typical Personal computer consists of a case or chassis in a tower shape (desktop and the following parts Motherboard Application software is a subclass of Computer software that employs the capabilities of a computer directly and thoroughly to a task that the user wishes to perform Examples of consumers are computer users, computer programs and other devices on the computer. Authorization (deciding whether to grant access) is a separate concept to authentication (verifying identity), and usually dependent on it. Authentication (from Greek αυθεντικός real or genuine from authentes author is the act of establishing or confirming something (or someone as

Overview

The authorization process is used to decide if person, program or device X is allowed to have access to data, functionality or service Y.

Most modern, multi-user operating systems include an authorization process. This makes use of the Authentication#Computer_security process to identify consumers. Authentication (from Greek αυθεντικός real or genuine from authentes author is the act of establishing or confirming something (or someone as When a consumer tries to use a resource, the authorization process checks that the consumer has been granted permission to use that resource. Permissions are generally defined by the computer's system administrator in some type of "security policy application", such as an access control list or a capability, on the basis of the "principle of least privilege": consumers should only be granted permissions they need to do their jobs. A system administrator, systems administrator, or sysadmin, is a person employed to maintain and operate a Computer system and/or network. In Computer security, an access control list ( ACL) is a list of permissions attached to an object Capability-based security is a concept in the design of Secure computing systems In Information security, Computer science, and other fields the principle of least privilege, also known as the principle of minimal privilege or just Older and single user operating systems often had weak or non-existent authentication and authorization systems.

"Anonymous consumers" or "guests", are consumers that have not been required to authenticate. They often have very few permissions. On a distributed system, it is often desirable to grant access without requiring a unique identity. Familiar examples of authorization tokens include keys and tickets: they grant access without proving identity.

There is the concept of "trusted" consumers. Consumers that have authenticated and are indicated as trusted are allowed unrestricted access to resources. "Partially trusted" and guests are subject to authorization for their use of protected resources. The security policy applications of some operating systems, by default, grant full access to all consumers to all resources. Others do the opposite, insisting that the administrator takes deliberate action to enable a consumer to use each resource.

Even when authorization is performed by using a combination of authentication and access control lists, the problems of maintaining the security policy data is not trivial, and often represents as much administrative burden as proving the necessary user identities. It is often desirable to remove a user's authorization: to do this with security policy application requires that the data be updateable.

Public policy

In public policy, authorization is a feature of trusted systems used for security or social control. In the Security engineering subspecialty of Computer science, a trusted system is a system that is relied upon to a specified extent to enforce a specified security Security is the condition of being protected against danger loss and criminals Social control refers to social mechanisms that regulate individual and group behavior leading to conformity and compliances to the rules of a given Society or

Banking

In banking, an authorization is a hold placed on a customer's account when a purchase is made using a debit card or credit card. A banker or bank is a Financial institution whose primary activity is to act as a payment agent for customers and to borrow and lend money Authorization hold (also card authorisation, preauthorization, or preauth) is the practice within the banking industry of authorizing electronic A debit card (also known as a bank card) is a plastic card which provides an alternative payment method to Cash when making purchases A credit card is part of a system of Payments named after the small Plastic card issued to users of the system

Publishing

In publishing, sometimes public lectures and other freely available texts are published without the consent of the author. Publishing is the process of production and dissemination of Literature or Information &ndash the activity of making information available for public view An author is defined both as "the person who originates or gives existence to anything" and that authorship determines responsibility for what is created These are called unauthorized texts. An example is the 2002 'The Theory of Everything: The Origin and Fate of the Universe' , which was collected from Stephen Hawking's lectures and published without his permission. See also 2002 (disambiguation Year 2002 ( MMII) was a Common year starting on Tuesday of the Gregorian calendar. The Theory of Everything The Origin and Fate of the Universe is an unauthorized 2002 book by Stephen Hawking (ISBN 1-893224-79-1 Stephen William Hawking CH, CBE, FRS, FRSA (born 8 January 1942 is a British theoretical physicist.

See also

• Security engineering
• Computer security
• Authentication
• Access control
• Kerberos (protocol)
• Operating system
• Authorization OSID
• Authorization hold
• XACML