Authorization

Authorization refers to the rights and privileges granted to an individual or process that enable access to computer resources and information assets. Once a user's identity has been established and authenticated, the user's authorization level determines the extent of the system rights that user can hold. Authorization is enforced through complete mediation, the design principle that every request by a subject to access an object in a computer system must pass through a valid and effective authorization check. This mediation must never be suspended or bypassable, even while the information system is being initialized, shut down, or restarted, or is in maintenance mode. Complete mediation entails the following:

  • Identification of the entity making the access request
  • Verification that the request has not changed since its initiation
  • Application of the appropriate authorization procedures
  • Re-examination of previously authorized requests by the same entity, so that a decision is never reused after the identity or policy it was based on has changed
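The following is an added example, not code from the book, showing the four elements above as a small reference monitor. The policy table, the subjects and objects, the `seal_request` helper and the `REQUEST_KEY` it uses are all constructed for illustration; the integrity tag stands in for whatever mechanism a real system uses to bind a request to the form in which it was issued. A `CachingMonitor` is included alongside the correct `ReferenceMonitor` to show what goes wrong when previously authorized requests are not re-examined: a revocation made after the first access is silently ignored.

```python
import hashlib
import hmac
import json

# Constructed policy table for the example: (subject, object) -> permitted actions.
# In a real system this comes from the access-control database, not a literal.
POLICY = {
    ("alice", "/payroll.db"): {"read", "write"},
    ("bob", "/payroll.db"): {"read"},
}

# Hypothetical key shared between the request issuer and the monitor; it lets the
# monitor detect a request that was altered after it was issued.
REQUEST_KEY = b"hypothetical-request-integrity-key"


def seal_request(subject, obj, action):
    """Package an access request with an integrity tag computed when it is issued."""
    body = json.dumps({"subject": subject, "object": obj, "action": action},
                      sort_keys=True).encode()
    tag = hmac.new(REQUEST_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class ReferenceMonitor:
    """Mediates every access. Nothing is cached, so a repeated request is evaluated
    again against whatever the policy says at that moment (re-examination)."""

    def __init__(self, policy):
        self.policy = {k: set(v) for k, v in policy.items()}

    def revoke(self, subject, obj, action):
        self.policy.get((subject, obj), set()).discard(action)

    def authorize(self, request, authenticated_subject):
        # 1. Identification: authenticated_subject comes from the authentication
        #    layer; the request must be bound to that same identity.
        # 2. Verification that the request has not changed since it was issued.
        expected = hmac.new(REQUEST_KEY, request["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(request["tag"], expected):
            return False, "request altered after issue"
        fields = json.loads(request["body"])
        if fields["subject"] != authenticated_subject:
            return False, "request not issued by the authenticated subject"
        # 3. Apply the authorization procedure against the current policy.
        permitted = self.policy.get((fields["subject"], fields["object"]), set())
        if fields["action"] not in permitted:
            return False, "denied by policy"
        return True, "permitted"


class CachingMonitor(ReferenceMonitor):
    """Anti-pattern: remembers the first decision for a request and replays it.
    A revocation that happens after the first access is never seen."""

    def __init__(self, policy):
        super().__init__(policy)
        self._cache = {}

    def authorize(self, request, authenticated_subject):
        key = (request["tag"], authenticated_subject)
        if key not in self._cache:
            self._cache[key] = super().authorize(request, authenticated_subject)
        return self._cache[key]


def revocation_demo(monitor_cls):
    """Grant, access, revoke, access again; return the two decisions."""
    monitor = monitor_cls(POLICY)
    req = seal_request("alice", "/payroll.db", "write")
    before = monitor.authorize(req, "alice")[0]
    monitor.revoke("alice", "/payroll.db", "write")
    after = monitor.authorize(req, "alice")[0]
    return before, after


if __name__ == "__main__":
    bob_read = seal_request("bob", "/payroll.db", "read")
    # Constructed tampering: the action is changed after the tag was computed.
    tampered = dict(bob_read, body=bob_read["body"].replace(b'"read"', b'"write"'))
    strict = ReferenceMonitor(POLICY)
    print(strict.authorize(bob_read, "bob"))      # (True, 'permitted')
    print(strict.authorize(tampered, "bob"))      # (False, 'request altered after issue')
    print(strict.authorize(bob_read, "mallory"))  # (False, 'request not issued by the authenticated subject')
    print(revocation_demo(ReferenceMonitor))      # (True, False)
    print(revocation_demo(CachingMonitor))        # (True, True)
```

The two `revocation_demo` results are the point: the strict monitor denies the second access because it re-examines the request against the revised policy, while the caching variant still says yes. The same failure appears in any design that evaluates authorization once at login, or during a maintenance window, and then trusts that result for the rest of a session.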
