Authorization is the act of granting access to a specific resource. This can be an entire application, or a much smaller piece of functionality. Authorization is also referred to as access control.

The de facto standard for fine-grained authorization is eXtensible Access Control Markup Language (XACML). For coarse-grained authorization at Internet scale, OAuth is an important standard.


4 Responses to Authorization

  1. […] it may implement authorization, perhaps using XACML. In that case, a Policy Decision Point (PDP) is responsible for deciding on […]

  2. […] Luckily, these alternatives can use the same basic machinery defined in the RFC. This machinery includes status code 401 Unauthorized, and the WWW-Authenticate, Authentication-Info, and Authorization headers. Note that the Authorization header is unfortunately misnamed, since it’s used for authentication, not authorization. […]

  3. […] is to determine appropriate access control policies. It is wasteful to protect all your information at the highest level, so you want to […]

  4. […] another example, imagine an implementation of the XACML specification for authorization. The “X” in XACML stands for […]
