: Perimeter Security, Information Disclosure
Authentication is the process of verifying the digital identity of the sender. Authorization is the process that performs access control by deciding whether a program or a person has the privilege to access some data, functionality or service. Controlling access to system resources, and especially to data, is a key requirement for application security.
How do we specify who is authorized to access specific resources in a system?
Indicate, in a suitable representation, who is authorized to access what and in what way. Specify policies to define all the needed access to resources.
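One possible representation, as an added example that is not part of the original catalog entry: the policy is a set of (who, what, in what way) rules checked with default deny, and a review step compares the policy against the list of needed access. All subjects, resource paths and function names are hypothetical.

```python
from typing import NamedTuple


class Rule(NamedTuple):
    subject: str   # who
    resource: str  # what
    access: str    # in what way


# Constructed sample policy (hypothetical subjects and resources).
POLICY = frozenset({
    Rule("alice", "/reports/q1.pdf", "read"),
    Rule("alice", "/reports/q1.pdf", "write"),
    Rule("bob", "/reports/q1.pdf", "read"),
    Rule("backup-svc", "/reports/q1.pdf", "read"),
    Rule("backup-svc", "/db/orders", "read"),
})

# Constructed list of the access the system actually needs.
NEEDED = frozenset({
    Rule("alice", "/reports/q1.pdf", "read"),
    Rule("alice", "/reports/q1.pdf", "write"),
    Rule("bob", "/reports/q1.pdf", "read"),
    Rule("bob", "/db/orders", "read"),
    Rule("backup-svc", "/db/orders", "read"),
})


def is_authorized(policy, subject, resource, access):
    """Default deny: a request is allowed only if an explicit rule grants it."""
    return Rule(subject, resource, access) in policy


def review(policy, needed):
    """Return (missing, excess): needed access the policy does not grant,
    and grants in the policy that nothing needs."""
    return sorted(needed - policy), sorted(policy - needed)


if __name__ == "__main__":
    print(is_authorized(POLICY, "bob", "/reports/q1.pdf", "write"))
    missing, excess = review(POLICY, NEEDED)
    print("missing:", missing)
    print("excess:", excess)
```

Excess grants are the ones to remove first; missing grants show where the policy does not yet cover a needed access.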
Access control systems for Unix, Windows, the Amazon storefront, etc.
Role Based Access Control, Reference Monitor
Last modified: May 05, 2012
Maintained by: Munawar Hafiz