In the context of access control, authorization is the granting of access
rights or other similar rights to a user, program or process. Authorization
defines what an individual or program can do after a successful
authentication process.
With regard to a payment card transaction, authorization occurs when a
merchant receives approval of the transaction after the acquirer validates
the transaction with the issuer/processor.
http://es.pcisecuritystandards.org
Granular definition of the access permissions granted to a given user, device
or system, usually implemented by means of access control lists (ACL).
[CCN-STIC-400:2006]
1. Granting or possession of rights (ISO-7498-2).
2. Process of granting to an entity, or subject, access rights, complete or
restricted, to a resource and object.
[Ribagorda:1997]
Capability that the administrator of an information system gives to certain
individuals to approve exchanges, procedures and systems. [CESID:1997]
Attribution of rights, which includes the granting of access based on access
rights. [ISO-7498-2:1989]
Granting of access or other
rights to a user, program, or process. For a network, authorization defines
what an individual or program can do after successful authentication. For the
purposes of a payment card transaction authorization occurs when a merchant
receives transaction approval after the acquirer validates the transaction with
the issuer/processor.
https://www.pcisecuritystandards.org/security_standards/glossary.php
Access privileges granted to
a user, program, or process or the act of granting those privileges.
[CNSSI_4009:2010]
1a. (I) An approval that is
granted to a system entity to access a system resource. (Compare: permission,
privilege.)
Usage: Some synonyms are
"permission" and "privilege". Specific terms are preferred
in certain contexts:
· /PKI/ "Authorization" SHOULD be used, to align with "certification
authority" in the standard [X509].
· /role-based access control/ "Permission" SHOULD be used, to align with the
standard [ANSI].
· /computer operating systems/ "Privilege" SHOULD be used, to align with the
literature. (See: privileged process, privileged user.)
Tutorial: The semantics and
granularity of authorizations depend on the application and implementation
(see: "first law" under "Courtney's laws"). An
authorization may specify a particular access mode -- such as read, write, or
execute -- for one or more system resources.
1b. (I) A process for
granting approval to a system entity to access a system resource.
2. (O) /SET/ "The
process by which a properly appointed person or persons grants permission to
perform some action on behalf of an organization. This process assesses
transaction risk, confirms that a given transaction does not raise the account
holder's debt above the account's credit limit, and reserves the specified
amount of credit. (When a merchant obtains authorization, payment for the
authorized amount is guaranteed -- provided, of course, that the merchant
followed the rules associated with the authorization process.)" [SET2]
[RFC4949:2007]
Access privileges that are
granted to an entity; conveying an official sanction to perform a security
function or activity. [NIST-SP800-57:2007]
a user who may, in
accordance with the SFRs, perform an operation.
SFR - Security Functional
Requirement
[CC:2006]
The granting of permission
on the basis of authenticated identification. [H.235:2005]
The granting or denying of
access rights to a user, program, or process. [NIST-SP800-27:2004]
The granting or denying of
access rights to a user, program, or process. [NIST-SP800-33:2001]
The granting of rights,
which includes the granting of access based on access rights. [ISO-7498-2:1989]
A person who has a
need-to-know for classified information in the performance of official duties
and who has been granted a PCL at the required level. [DoD 5220:2006]
Authorization is the
approval, permission, or empowerment for someone or something to do something.
http://www.sans.org/security-resources/glossary-of-terms/
Authorization is the process
of giving someone permission to do or have something. In multi-user computer
systems, a system administrator defines for the system which users are allowed
access to the system and what privileges of use (such as access to which file
directories, hours of access, amount of allocated storage space, and so forth).
Assuming that someone has logged in to a computer operating system or
application, the system or application may want to identify what resources the
user can be given during this session. Thus, authorization is sometimes seen as
both the preliminary setting up of permissions by a system administrator and
the actual checking of the permission values that have been set up when a user
is getting access.
http://searchsecurity.techtarget.com/
Attribution of rights, including permission of access on the basis of access
rights. [ISO-7498-2:1989]
In the context of access control, authorization is the granting of an access
right or other rights to a user, program or process. Authorization defines
what a person or a program can do after successful authentication.
In the context of a payment card transaction, authorization is given when the
merchant receives approval of the transaction once the acquirer has validated
the transaction with the issuer/processor.
http://fr.pcisecuritystandards.org/
Security service aimed at determining the rights of an entity (user or
device) over a computing resource (e.g. permissions on a file). In general,
this service is tied to the authentication service.
http://securit.free.fr/glossaire.htm