Authorization
The ability of a system to grant specific privileges to specific users or classes of users. Privileges are usually expressed in terms of read, write, and execute.
Access control systems include:
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
- Role Based Access Control (RBAC): privileges granted by the role of the actor.
- Claims/Capability Based Access Control (CBAC): a system in which actors request (and are granted) tokens that grant privileges for operations.
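
The difference between the RBAC and CBAC entries above, as an added example that is not part of the original note or the cited book: RBAC decides from the actor's role at check time, while CBAC hands the actor a signed token that the resource checks on its own. The role table, user names, signing key and the HMAC token format are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample policy and key (assumptions, not from the note).
ROLE_PERMS = {"auditor": {"read"}, "operator": {"read", "execute"},
              "admin": {"read", "write", "execute"}}
USER_ROLES = {"alice": "admin", "bob": "auditor"}
ISSUER_KEY = b"demo-key-not-for-production"


def rbac_allows(user, op):
    """RBAC: the privilege follows from the actor's role, looked up per request."""
    return op in ROLE_PERMS.get(USER_ROLES.get(user), set())


def _sign(payload: bytes) -> str:
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()


def issue_capability(user, resource, op, ttl=60, now=None):
    """CBAC: the actor requests a token; the issuer grants it only if policy allows."""
    if not rbac_allows(user, op):
        return None
    now = time.time() if now is None else now
    claims = {"sub": user, "res": resource, "op": op, "exp": now + ttl}
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return payload.decode() + "." + _sign(payload)


def capability_allows(token, resource, op, now=None):
    """The resource trusts only the token: signature, expiry, resource, operation."""
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(payload.encode())):
            return False  # altered claims or a signature from another token
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, AttributeError, TypeError):
        return False  # malformed or missing token
    now = time.time() if now is None else now
    # A token grants exactly one operation on one resource until it expires.
    return claims["exp"] > now and claims["res"] == resource and claims["op"] == op
```

Because the token carries the grant, a role change does not revoke tokens already issued; the short `ttl` is what bounds that window.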
Implementations
[[ oauth 2.0 ]]
References:
- Tarandach, I., & Coles, M. J. (2020). Threat Modeling: A Practical Guide for Development Teams (1st ed.). O’Reilly Media.