See:
· AAA - Authentication, Authorization and Accounting
In the context of access control, authorization is the granting of access rights or other similar rights to a user, program or process. Authorization defines what an individual or program can do after a successful authentication process.
With regard to a payment card transaction, authorization occurs when a merchant receives approval of the transaction after the acquirer validates the transaction with the issuer/processor.
http://es.pcisecuritystandards.org
Granular definition of the access permissions granted to a given user, device or system, usually implemented by means of access control lists (ACLs). [CCN-STIC-400:2006]
1. Granting or possession of rights (ISO-7498-2).
2. Process of granting to an entity, or subject, access rights, complete or restricted, to a resource and object.
[Ribagorda:1997]
Capability that the administrator of an information system gives to certain individuals to approve exchanges, procedures and systems. [CESID:1997]
Granting of rights, which includes the granting of access based on access rights. [ISO-7498-2:1989]
Granting of access or other rights to a user, program, or process. For a network, authorization defines what an individual or program can do after successful authentication. For the purposes of a payment card transaction authorization occurs when a merchant receives transaction approval after the acquirer validates the transaction with the issuer/processor.
https://www.pcisecuritystandards.org/security_standards/glossary.php
Access privileges granted to a user, program, or process or the act of granting those privileges. [CNSSI_4009:2010]
1a. (I) An approval that is granted to a system entity to access a system resource. (Compare: permission, privilege.)
Usage: Some synonyms are "permission" and "privilege". Specific terms are preferred in certain contexts:
· /PKI/ "Authorization" SHOULD be used, to align with "certification authority" in the standard [X509].
· /role-based access control/ "Permission" SHOULD be used, to align with the standard [ANSI].
· /computer operating systems/ "Privilege" SHOULD be used, to align with the literature. (See: privileged process, privileged user.)
Tutorial: The semantics and granularity of authorizations depend on the application and implementation (see: "first law" under "Courtney's laws"). An authorization may specify a particular access mode -- such as read, write, or execute -- for one or more system resources.
1b. (I) A process for granting approval to a system entity to access a system resource.
2. (O) /SET/ "The process by which a properly appointed person or persons grants permission to perform some action on behalf of an organization. This process assesses transaction risk, confirms that a given transaction does not raise the account holder's debt above the account's credit limit, and reserves the specified amount of credit. (When a merchant obtains authorization, payment for the authorized amount is guaranteed -- provided, of course, that the merchant followed the rules associated with the authorization process.)" [SET2]
[RFC4949:2007]
Access privileges that are granted to an entity; conveying an official sanction to perform a security function or activity. [NIST-SP800-57:2007]
a user who may, in accordance with the SFRs, perform an operation.
SFR - Security Functional Requirement
[CC:2006]
The granting of permission on the basis of authenticated identification. [H.235:2005]
The granting or denying of access rights to a user, program, or process. [NIST-SP800-27:2004]
The granting or denying of access rights to a user, program, or process. [NIST-SP800-33:2001]
The granting of rights, which includes the granting of access based on access rights. [ISO-7498-2:1989]
A person who has a need-to-know for classified information in the performance of official duties and who has been granted a PCL at the required level. [DoD 5220:2006]
Authorization is the approval, permission, or empowerment for someone or something to do something.
http://www.sans.org/security-resources/glossary-of-terms/
Authorization is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use (such as access to which file directories, hours of access, amount of allocated storage space, and so forth). Assuming that someone has logged in to a computer operating system or application, the system or application may want to identify what resources the user can be given during this session. Thus, authorization is sometimes seen as both the preliminary setting up of permissions by a system administrator and the actual checking of the permission values that have been set up when a user is getting access.
http://searchsecurity.techtarget.com/
Granting of rights, including permission for access on the basis of access rights. [ISO-7498-2:1989]
In the context of access control, authorization is the granting of an access right or other rights to a user, program or process. Authorization defines what a person or a program can do after successful authentication.
For a payment card transaction, authorization is given when the merchant receives approval of the transaction once the acquirer has validated the transaction with the issuer/processor.
http://fr.pcisecuritystandards.org/
Security service intended to determine the rights of an entity (user or device) over a computing resource (e.g. permissions on a file). In general, this service is tied to the authentication service.
http://securit.free.fr/glossaire.htm
Related topics