Authorization is the function of specifying access rights to resources related to information security and computer security. More formally, “to authorize” is to define an access policy. For example, human resources staff is normally authorized to access employee records and this policy is usually formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests should be approved (granted) or disapproved (rejected). Resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications.
Access control in computer systems and networks relies on access policies. The access control process can be divided into two phases: 1) a policy definition phase where access is authorized, and 2) a policy enforcement phase where access requests are approved or disapproved. Authorization is thus the function of the policy definition phase, which precedes the policy enforcement phase where access requests are approved or disapproved based on the previously defined authorizations.
Most modern, multi-user operating systems include access control and thereby rely on authorization. Access control also uses authentication to verify the identity of users. When a user tries to access a resource, the access control process checks that the user has been authorized to use that resource. Authorization is typically the responsibility of an authority, such as a department manager, but is often delegated to a custodian such as a system administrator. Authorizations are expressed as access policies in some types of “policy definition application”, e.g. in the form of an access control list or on the basis of the “principle of least privilege” where users are only authorized to access whatever they need to do their jobs. Older and single user operating systems often had weak or non-existent authentication and access control systems.
“Anonymous users” or “guests” are users that have not been required to be authenticated. They often have limited authorization. On a distributed system, it is often desirable to grant access without requiring a unique identity, e.g. with the use of an access token. Familiar examples of access tokens in the real world include keys and tickets which grant access without proving identity.
Trusted users are sometimes authorized for unrestricted access to resources on a system, but must be authenticated so that the access control system can make the access approval decision. “Partially trusted” and guests will often have restricted authorization in order to protect resources against improper access and usage. The access policies in some operating systems, by default, grant all users full access to all resources. Others do the opposite, insisting that the administrator explicitly authorizes a user to use each resource.
Even when access is controlled through a combination of authentication and access control lists, the problem of maintaining the authorization data is not trivial, and often represents as much administrative burden as managing authentication credentials. It is often necessary to change or remove a user's authorization: this is done by changing or deleting the corresponding access rules on the system. Using atomic authorization is an alternative to per-system authorization management, where a trusted third party securely distributes authorization information.
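The two-phase model described above (policy definition, then policy enforcement after authentication), together with the default-deny versus default-allow choice and the revocation of a user's rights, can be shown in a few lines. The following is an added illustration, not code from the page; the principal name "anonymous", the "hr-staff" and "sysadmin" principals, and the resource names are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

ANONYMOUS = "anonymous"  # constructed principal name for unauthenticated ("guest") requests


@dataclass
class Session:
    """Outcome of the authentication step that precedes the access decision."""
    user: Optional[str]  # None when the requester did not authenticate

    @property
    def principal(self) -> str:
        return self.user if self.user is not None else ANONYMOUS


@dataclass
class AccessPolicy:
    """Access control rules: resource -> principal -> permitted actions."""
    rules: Dict[str, Dict[str, Set[str]]] = field(default_factory=dict)
    default_allow: bool = False  # False: deny unless explicitly authorized

    # ---- policy definition phase (the "authorize" function) ----
    def authorize(self, principal: str, resource: str, actions: Set[str]) -> None:
        self.rules.setdefault(resource, {}).setdefault(principal, set()).update(actions)

    def revoke(self, principal: str, resource: str, actions: Optional[Set[str]] = None) -> None:
        """Remove some (or, with actions=None, all) of a principal's rights on a resource."""
        granted = self.rules.get(resource, {})
        if principal not in granted:
            return
        if actions is None:
            del granted[principal]
        else:
            granted[principal] -= actions

    # ---- policy enforcement phase ----
    def decide(self, session: Session, resource: str, action: str) -> bool:
        granted = self.rules.get(resource, {}).get(session.principal)
        if granted is None:
            # No rule for this principal/resource pair: fall back to the system default.
            return self.default_allow
        return action in granted


def build_hr_policy() -> AccessPolicy:
    """Constructed policy mirroring the human-resources example in the text."""
    policy = AccessPolicy()
    policy.authorize("hr-staff", "employee_records", {"read", "write"})
    policy.authorize("sysadmin", "employee_records", {"read", "write", "delete"})
    policy.authorize(ANONYMOUS, "public_notice", {"read"})  # guests get limited authorization
    return policy


def demo() -> Dict[str, bool]:
    policy = build_hr_policy()
    hr, guest = Session("hr-staff"), Session(None)
    results = {
        "hr_writes_records": policy.decide(hr, "employee_records", "write"),
        "guest_reads_notice": policy.decide(guest, "public_notice", "read"),
        "guest_reads_records": policy.decide(guest, "employee_records", "read"),
    }
    # Changing an authorization means changing the rule, not the user's credentials.
    policy.revoke("hr-staff", "employee_records", {"write"})
    results["hr_writes_after_revoke"] = policy.decide(hr, "employee_records", "write")
    results["hr_reads_after_revoke"] = policy.decide(hr, "employee_records", "read")
    # A system whose default grants everyone everything approves unlisted requests.
    permissive = AccessPolicy(default_allow=True)
    results["permissive_default"] = permissive.decide(guest, "anything", "delete")
    return results


if __name__ == "__main__":
    for name, approved in demo().items():
        print(f"{name}: {'granted' if approved else 'rejected'}")
```

The enforcement step never consults passwords or identities directly; it only sees the principal produced by authentication and the rules produced in the definition phase, which is what makes the two phases separable in practice.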
Authorization-based security has been around for a while and typically works as follows. It uses some authorization token, which is given to the creator of some resource. The authorization token must be protected, as it yields access to the resources. Therefore, many authorization systems use encryption to protect the contents and to validate that the token is unchanged and thus still valid at the time of use. Securely sharing the authorization token is a key part of the strategy, as the token must not be allowed to escape. Thus, many authorization-based systems focus on assisting users of an application in sharing authorization tokens with other users (possibly of other applications). Also, an authorization token may be modified to limit access (e.g. read-only memory) before being shared.
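The token scheme just described (a token issued to the resource creator, protected against modification, and narrowed before it is shared) can be demonstrated with a chained keyed MAC. This is an added example, not code from the page; it uses an HMAC tag for integrity rather than the encryption the text mentions, and the chaining construction, the root key value and the resource name are constructed for the illustration. The holder can add a narrowing caveat without knowing the root key, but cannot remove one, because the tag depends on every caveat before it.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Set

ROOT_KEY = b"constructed-demo-root-key"  # assumption: held only by the issuing authority


def _chain(key: bytes, caveats: List[str]) -> bytes:
    """Tag = HMAC(...HMAC(HMAC(key, c0), c1)..., cn); each caveat is folded into the tag."""
    tag = key
    for caveat in caveats:
        tag = hmac.new(tag, caveat.encode(), hashlib.sha256).digest()
    return tag


def mint(root_key: bytes, resource: str, rights: Set[str]) -> Dict[str, object]:
    """Issued by the authority to the resource creator."""
    caveats = [json.dumps({"resource": resource, "rights": sorted(rights)}, sort_keys=True)]
    return {"caveats": caveats, "tag": _chain(root_key, caveats).hex()}


def attenuate(token: Dict[str, object], rights: Set[str]) -> Dict[str, object]:
    """Holder narrows the token before sharing; needs only the current tag, not the root key."""
    caveat = json.dumps({"rights": sorted(rights)}, sort_keys=True)
    new_tag = hmac.new(bytes.fromhex(token["tag"]), caveat.encode(), hashlib.sha256).digest()
    return {"caveats": list(token["caveats"]) + [caveat], "tag": new_tag.hex()}


def verify(root_key: bytes, token: Dict[str, object], resource: str, action: str) -> bool:
    """Enforcement: recompute the chain, reject any edit, then apply every caveat."""
    caveats = token["caveats"]
    expected = _chain(root_key, caveats).hex()
    if not hmac.compare_digest(expected, str(token["tag"])):
        return False  # contents or caveat list changed since issuance/attenuation
    first = json.loads(caveats[0])
    if first.get("resource") != resource:
        return False
    allowed = set(first["rights"])
    for caveat in caveats[1:]:
        allowed &= set(json.loads(caveat)["rights"])  # caveats can only narrow
    return action in allowed


def demo() -> Dict[str, bool]:
    full = mint(ROOT_KEY, "report-42", {"read", "write"})
    shared = attenuate(full, {"read"})  # made read-only before being passed on
    # Two constructed misuse attempts the verifier must reject:
    stripped = dict(shared, caveats=shared["caveats"][:1])  # drop the read-only caveat
    edited = dict(full, caveats=[full["caveats"][0].replace('"read"', '"delete"')])
    return {
        "creator_write": verify(ROOT_KEY, full, "report-42", "write"),
        "shared_read": verify(ROOT_KEY, shared, "report-42", "read"),
        "shared_write": verify(ROOT_KEY, shared, "report-42", "write"),
        "caveat_stripped": verify(ROOT_KEY, stripped, "report-42", "write"),
        "payload_edited": verify(ROOT_KEY, edited, "report-42", "delete"),
        "wrong_resource": verify(ROOT_KEY, full, "report-43", "read"),
    }


if __name__ == "__main__":
    for name, approved in demo().items():
        print(f"{name}: {'granted' if approved else 'rejected'}")
```

Because the tag is the only secret the holder ever handles, protecting the token in transit and at rest is still required, which is the sharing problem the paragraph above points to.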
Prior art security mechanisms tend to focus on resource permissions. The typical example is file systems, where access permissions are set on files and folders. A user may be given read-only access to a folder; however, permissions for sub-folders and their files can be independently adjusted, such that a folder with write permission for everyone may appear nested within a top-level restricted folder.
It will be appreciated that prior art access systems are tradeoffs between administrative overhead and security. Systems with high security tend to require a great deal of administration, with individuals and even groups assigned to the task of maintaining and enforcing the access policies. Systems without dedicated administrators tend to be of low security by providing permissions that are broader than necessary, allowing access control features to be easily or even accidentally circumvented, and relying upon user names and passwords which might fall into the wrong hands.
These and other limitations of the prior art will become apparent to those of skill in the art upon a reading of the following descriptions and a study of the several figures of the drawing.