Authorization Enforcer


Classification Key: Perimeter Security, Information Disclosure

Problem

Authentication is the process of verifying the digital identity of the sender. Authorization is the process of performing access control by deciding whether a program or a person has the privilege to access some data, functionality or service. Controlling access to system resources, and especially to data, is a key requirement for application security. How do we specify who is authorized to access specific resources in a system?

Solution

Indicate, in a suitable representation, who is authorized to access what and in what way. Specify policies to define all the needed access to resources.
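
One possible representation of such a policy, as an added example that is not part of the original catalog entry: each rule names who (subject), what (resource pattern) and in what way (access types), and any request not explicitly granted is denied. The Rule class, the POLICY contents, and the is_authorized and enforce helpers are hypothetical names constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    subject: str        # who
    resource: str       # what (glob pattern over resource paths)
    access: frozenset   # in what way (allowed access types)


# Constructed sample policy; subjects and paths are illustrative only.
POLICY = (
    Rule("alice", "/orders/*", frozenset({"read", "write"})),
    Rule("bob", "/orders/*", frozenset({"read"})),
    Rule("bob", "/reports/q1.pdf", frozenset({"read"})),
)


class AuthorizationError(PermissionError):
    """Raised when a request is not covered by any rule."""


def is_authorized(subject, resource, access, policy=POLICY):
    """Default deny: True only if some rule explicitly grants the request."""
    # "*" in a glob also matches "/", so "/orders/*" would otherwise match
    # "/orders/../reports/q1.pdf". Reject unnormalized paths outright.
    if ".." in resource.split("/"):
        return False
    return any(
        rule.subject == subject
        and fnmatchcase(resource, rule.resource)
        and access in rule.access
        for rule in policy
    )


def enforce(subject, resource, access, action, policy=POLICY):
    """Single choke point: run `action` only after the policy check passes."""
    if not is_authorized(subject, resource, access, policy):
        raise AuthorizationError(f"{subject} may not {access} {resource}")
    return action()


if __name__ == "__main__":
    print(enforce("bob", "/orders/42", "read", lambda: "order 42 contents"))
    print(is_authorized("bob", "/orders/42", "write"))
```
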

Known Uses

Access control systems for Unix, Windows, the Amazon storefront, etc.

Related Patterns

Role Based Access Control, Reference Monitor

Source

Wiley Book

Tags

Access Control


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz