Authorization is the act of granting access to a service or resource for an authenticated person, based on information contained in that person's Identity, such as the person's organizational affilation, role, or explicit entitlements.[1][2]
Note that authorization may apply to non-person subjects, such as software agents.
See Also
- Definition of Authentication
- Definition of Identity
- The "What do we trust?" section of Trusted Relationships for Access Management: The InCommon Model.
References
- The "What do we trust?" section of Trusted Relationships for Access Management: The InCommon Model→.
- Authorization→ from Wikipedia.