Authorization (AZN) API

'A generally accepted definition of Authorization is the granting''' of access rights to a subject (for example as user or a program). Within this definition 'we need to distinguish between''' the administrative act of asserting that a subject should be 'granted access rights (termed privilege attributes'')' 'and''' the operational act of allowing a subject to access a resource after determining that they hold the required set of privilege attributes. This Technical Standard defines a generic application programming interface for access control, in systems whose access control facilities conform to the architectural framework described in International Standard ISO 10181-3 (Access control framework). The API defined in this document does not provide for privilege attribute administration, although it does provide facilities which allow a subject to control which of its privilege attributes are used to authorize a particular 'access request (such facilities are oftern called least privilege'').'

Bibliographic Details

Technical Standards

Catalog number C908
ISBN 1-85912-266-3
Jan 2000

110 pages. height 28 cm. 310 grams.

Register of Authorization Mechanisms OIDs

Availability

Electronic Publication Only (hard copy not available)

See the HTML version on the web

See the PDF version on the web

Note: To read any of our PDF files you will need Adobe Acrobat Version 3 or higher.