Atomic authorization


Atomic authorization is the act of securing authorization rights independently of both the intermediary applications to which they are granted and the parties to which they apply. More formally, in the field of computer security, to atomically authorize is to define policy that permits access to a specific resource in such a way that the authenticity of that policy can be verified independently, without relying on the application that enforces the policy or on the individuals who use the application. Resources include individual data, computer programs, computer hardware, computer networks, and physical access.

Traditional vs. atomic authorization

In traditional (non-atomic) authorization, policy is defined and secured at the application level; outside the context of the application there is no mechanism to verify the legitimacy of that policy. Atomic authorization instead requires a trusted third party to issue authorization policy with a cryptographic guarantee of integrity. Because the policy is secured independently of the application that uses it, atomic authorization policy is equivalent in strength to strong authentication policy.

For an application using strong (N-factor) authentication, traditional authorization techniques pose a security vulnerability: the application must rely on mechanisms such as database queries or directory lookups, which are themselves protected only by single-factor authentication, for its authorization information and management. Any application-specific hardening of non-atomic authorization methods increases the complexity of identity management and credential issuance, but does not further legitimize the authorization decisions the application makes.
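The following is an added illustration of the distinction drawn above; it is not code from the article or from any referenced paper. It assumes a concrete realisation of the "trusted third party with a cryptographic guarantee of integrity": an issuer that signs each policy statement with an Ed25519 key, and a verifier at the resource that checks the signature against the issuer's pinned public key. The `Policy` fields, the JSON encoding and the error names are assumptions chosen for the example. The point it demonstrates is that the resource owner decides solely from the issuer's public key and the signed bytes, so an application that edits a policy it was handed (or any party that presents a policy signed by some other key) is rejected without the verifier ever consulting the application's own database or directory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Policy is a single atomic authorization statement: Subject may perform
// Action on Resource until Expires (Unix seconds). The field names and the
// JSON encoding are assumptions for this example, not a format from the article.
type Policy struct {
	Subject  string `json:"subject"`
	Action   string `json:"action"`
	Resource string `json:"resource"`
	Expires  int64  `json:"expires"`
}

// SignedPolicy is what an application carries around: the canonical policy
// bytes plus the issuer's Ed25519 signature over exactly those bytes.
type SignedPolicy struct {
	Payload   []byte
	Signature []byte
}

var (
	ErrBadSignature = errors.New("policy signature does not verify against issuer key")
	ErrExpired      = errors.New("policy has expired")
	ErrNoMatch      = errors.New("policy does not grant this subject/action/resource")
)

// Issuer plays the trusted third party. Only it holds the signing key; the
// application never sees it, so the application cannot forge or alter policy.
type Issuer struct {
	priv ed25519.PrivateKey
}

// NewIssuer generates a fresh key pair and returns the issuer together with
// the public key that verifiers pin.
func NewIssuer() (*Issuer, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Issuer{priv: priv}, pub, nil
}

// Issue serialises the policy and signs the serialised bytes.
func (i *Issuer) Issue(p Policy) (SignedPolicy, error) {
	payload, err := json.Marshal(p)
	if err != nil {
		return SignedPolicy{}, err
	}
	return SignedPolicy{Payload: payload, Signature: ed25519.Sign(i.priv, payload)}, nil
}

// Verify is the resource owner's check. It needs only the issuer's public key
// and the request being made; it does not consult the application that
// presented the policy or any store that application controls.
func Verify(issuerPub ed25519.PublicKey, sp SignedPolicy, subject, action, resource string, now time.Time) error {
	// Integrity first: reject anything not signed by the issuer before parsing it.
	if !ed25519.Verify(issuerPub, sp.Payload, sp.Signature) {
		return ErrBadSignature
	}
	var p Policy
	if err := json.Unmarshal(sp.Payload, &p); err != nil {
		return fmt.Errorf("malformed policy payload: %w", err)
	}
	if now.Unix() > p.Expires {
		return ErrExpired
	}
	if p.Subject != subject || p.Action != action || p.Resource != resource {
		return ErrNoMatch
	}
	return nil
}

func main() {
	issuer, pub, err := NewIssuer()
	if err != nil {
		panic(err)
	}
	now := time.Now()
	// Constructed sample policy: alice may read one record for the next hour.
	sp, _ := issuer.Issue(Policy{Subject: "alice", Action: "read", Resource: "/records/42", Expires: now.Add(time.Hour).Unix()})
	fmt.Println("genuine policy:", Verify(pub, sp, "alice", "read", "/records/42", now))

	// Constructed tampering: an application rewrites the subject but keeps the
	// original signature. The signature no longer covers the presented bytes.
	edited, _ := json.Marshal(Policy{Subject: "mallory", Action: "read", Resource: "/records/42", Expires: now.Add(time.Hour).Unix()})
	fmt.Println("edited policy:", Verify(pub, SignedPolicy{Payload: edited, Signature: sp.Signature}, "mallory", "read", "/records/42", now))
}
```

Note the ordering inside `Verify`: the signature is checked before the payload is parsed, so untrusted bytes are never interpreted unless they came from the issuer. Contrast this with the traditional arrangement the article describes, where the application reads the same `subject/action/resource` tuple from a table it can itself write to; there, nothing outside the application can distinguish a legitimate row from an edited one.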
