Authorization

From MgmtWiki
Revision as of 11:32, 30 December 2018 by Tom (talk | contribs) (Context)


Full Title or Meme

An action that will give a user an Access Token to a protected resource.

Context

  • Previously, Authorization was considered to be the second step, taken after the Subject had been successfully Authenticated.
  • The challenge of Authorization can be modeled as a decision-theory problem: access is granted after the Authorization service has evaluated the Claims presented and made a single decision about access, where the Identity of the Subject is assumed to have been appropriately Authenticated. In the case of a failed Authorization the Subject was typically given instructions on the appropriate manual procedures to follow to gain access to the resource. This method worked well within the confines of an Enterprise or Federation that had established the appropriate method for Authentication.
  • In the long term, game theory would be a better model, in which the attacker and the Authorization process are engaged in a duel, with the attacker seeking illicit access to the resource.

Bayesian Identity Proofing provides the means for a collection of authentication and verification steps to be validated.
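The decision-theory model above, as an added illustration that is not part of the wiki page: an authorization service treats Authentication as a precondition, evaluates each presented Claim against a resource policy (required value plus a minimum verification confidence), makes a single grant/deny decision, and on denial returns the manual procedures the Subject should follow. The `Claim`/`Decision` types, the `RESOURCE_POLICY`, and the confidence figures are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional
import secrets


@dataclass(frozen=True)
class Claim:
    name: str          # e.g. "role"
    value: str         # e.g. "auditor"
    confidence: float  # verifier's confidence that the claim is true, 0..1


@dataclass
class Decision:
    granted: bool
    access_token: Optional[str] = None
    instructions: list = field(default_factory=list)


# Hypothetical policy for one protected resource: the required value of each
# claim and the minimum confidence the authorization service will accept.
RESOURCE_POLICY = {
    "role": ("auditor", 0.9),
    "department": ("finance", 0.7),
}


def authorize(authenticated: bool, claims: list, policy=RESOURCE_POLICY) -> Decision:
    """Make one yes/no access decision over the presented claims.

    Authentication of the Subject is assumed to have happened already;
    it is checked as a precondition, not re-evaluated here.
    """
    if not authenticated:
        return Decision(False, instructions=["Authenticate before requesting access."])
    presented = {c.name: c for c in claims}
    shortfalls = []
    for name, (required_value, min_conf) in policy.items():
        c = presented.get(name)
        if c is None or c.value != required_value:
            shortfalls.append(f"Provide proof that {name} is '{required_value}'.")
        elif c.confidence < min_conf:
            shortfalls.append(f"Claim '{name}' needs stronger verification "
                              f"(have {c.confidence:.2f}, need {min_conf:.2f}).")
    if shortfalls:
        # Failed authorization: tell the Subject which manual procedures to follow.
        return Decision(False, instructions=shortfalls)
    # Constructed opaque bearer token; a real service would issue a signed,
    # scoped, expiring token bound to the resource.
    return Decision(True, access_token=secrets.token_urlsafe(24))
```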

Problems

Solutions

References