Authorization

The ability of a system to grant specific privileges to specific users or classes of users. Privileges are usually granted in terms of read, write, and execute.

Access control systems include:

  • Mandatory Access Control (MAC)
  • Discretionary Access Control (DAC)
  • Role Based Access Control (RBAC): privileges granted by the role of the actor.
  • Claims/Capability Based Access Control (CBAC): system in which actors request (and are granted) tokens granting privileges for operations
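
A contrast of the last two models, added here as an example that is not from the original note: the RBAC check looks up the actor's role at decision time, while the capability check trusts only a signed, expiring token naming one operation. The role names, users, demo key, token layout, and the choice to reuse the role table as the issuer's policy are all assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data (assumptions, not from the note).
ROLE_PRIVILEGES = {"auditor": {"read"}, "admin": {"read", "write", "execute"}}
USER_ROLES = {"alice": "admin", "bob": "auditor"}
ISSUER_KEY = b"demo-key-not-for-production"

def rbac_allows(user, privilege):
    """RBAC: the decision is derived from the actor's role at check time."""
    role = USER_ROLES.get(user)
    return privilege in ROLE_PRIVILEGES.get(role, set())

def _sign(payload):
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()

def issue_capability(user, resource, privilege, ttl=60, now=None):
    """Issuer: grant a token for one operation, or None if the request is refused."""
    if not rbac_allows(user, privilege):  # issuer policy (assumed: reuse the role table)
        return None
    now = time.time() if now is None else now
    claims = {"res": resource, "priv": privilege, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return payload.hex() + "." + _sign(payload)

def capability_allows(token, resource, privilege, now=None):
    """Resource side: checks the token alone, never the presenter's identity."""
    try:
        body_hex, sig = token.split(".")
        payload = bytes.fromhex(body_hex)
    except (AttributeError, ValueError):
        return False  # malformed or missing token
    # Constant-time comparison of the presented and recomputed signatures.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return False  # forged or altered claims
    claims = json.loads(payload)
    now = time.time() if now is None else now
    return (claims["res"] == resource and claims["priv"] == privilege
            and claims["exp"] > now)
```

Because the token is a bearer credential, anyone holding it gets the privilege until it expires, which is why the example keeps the scope to one resource and one privilege with a short lifetime.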

Implementations

[[ oauth 2.0 ]]


References:

  • Tarandach, I., & Coles, M. J. (2020). Threat Modeling: A Practical Guide for Development Teams (1st ed.). O’Reilly Media.
