About Authorization
Authorization is a crucial component of access control, determining who can access what resources and perform specific actions.
Two types of Authorization
Role-Based Access Control (RBAC)
RBAC is a widely used authorization model where access is granted based on predefined roles. Users are assigned roles, and these roles dictate the permissions associated with accessing resources and performing actions.
Attribute-Based Access Control (ABAC)
ABAC is a dynamic authorization model that considers various attributes associated with users, resources, actions, and context. Policies are defined based on these attributes, allowing for more granular control over access. ABAC is a superset of RBAC.
Key Agents in Authorization
Authorization involves four key agents:
a. User: Users are entities seeking access to resources or the ability to perform actions within a system.
b. Resource: Resources are entities or data within a system that users may want to access or manipulate.
c. Action: Actions define the specific operations or activities that users may want to perform on resources.
d. Context: Context refers to the circumstances or conditions under which a user's request for access is evaluated. This includes factors such as time, location, or any other relevant contextual information.
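The following is an added example, not code from the original page. It sketches a default-deny policy check over the four agents, with one pure RBAC rule (role only) sitting beside ABAC rules that also use resource and context attributes. The role names, attribute keys and the three policies are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import time

@dataclass(frozen=True)
class Request:
    user: dict        # user attributes (assumed keys: id, role)
    resource: dict    # resource attributes (assumed keys: type, owner)
    action: str       # requested operation
    context: dict = field(default_factory=dict)  # assumed keys: time, location

def rbac_editor(req):
    # Pure RBAC: the decision depends only on the user's role and the action.
    return req.user.get("role") == "editor" and req.action in {"read", "write"}

def owner_can_delete(req):
    # ABAC: compares a user attribute with a resource attribute.
    owner = req.resource.get("owner")
    return req.action == "delete" and owner is not None and owner == req.user.get("id")

def auditor_office_hours(req):
    # ABAC with context: role plus location and time of the request.
    now = req.context.get("time")
    return (req.user.get("role") == "auditor" and req.action == "read"
            and req.context.get("location") == "office"
            and now is not None and time(9) <= now < time(17))

POLICIES = [rbac_editor, owner_can_delete, auditor_office_hours]

def is_authorized(req, policies=POLICIES):
    # Default deny: access is granted only if some policy explicitly matches.
    return any(policy(req) for policy in policies)

if __name__ == "__main__":
    # Constructed sample data, not taken from any real system.
    editor = {"id": "u1", "role": "editor"}
    auditor = {"id": "u2", "role": "auditor"}
    doc = {"type": "report", "owner": "u1"}
    office_10am = {"time": time(10, 0), "location": "office"}
    office_8pm = {"time": time(20, 0), "location": "office"}
    for req in (Request(editor, doc, "write"),
                Request(auditor, doc, "read", office_10am),
                Request(auditor, doc, "read", office_8pm),
                Request(auditor, doc, "delete", office_10am)):
        verdict = "allow" if is_authorized(req) else "deny"
        print(req.user["role"], req.action, verdict)
```

The RBAC rule is simply a policy that reads one user attribute, which is why every RBAC policy can be expressed in this ABAC form.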