Main Page

From Identity wiki

Authorization systems are the mechanisms that decide and enforce what an authenticated user, service or device may do with a digital resource, so that only entities holding the right permissions can perform a given action. Authorization is distinct from authentication, which establishes who the entity is, although some of the systems below (OpenID Connect and SAML, for example) handle both. There are several types of authorization systems, each designed for different use cases. Below are some of the most common ones:

Role-Based Access Control (RBAC)

How It Works: Users are assigned roles, and each role carries a predefined set of permissions. A request is allowed only if one of the user's roles (or a role it inherits from in a role hierarchy) holds the required permission; anything not granted is denied. Decisions depend on the role, not on the individual user, which keeps permission reviews manageable.
Use Cases: Enterprise systems, corporate IT environments, cloud platforms.

   In a company, employees may have roles like "Admin," "Manager," or "Employee," each with different levels of access.
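As an added example (not code from the page), the RBAC model above as a small Python decision function: roles map to "resource:action" permissions, Manager inherits from Employee through a role hierarchy, and a static separation-of-duty rule stops one user from holding both Admin and Manager. The permission strings, the hierarchy and the user assignments are constructed for the illustration.

```python
# Constructed role definitions for this example. The page names only the
# roles Admin, Manager and Employee; the permissions below are assumed.
# Permissions are "resource:action" strings.
ROLE_PERMISSIONS = {
    "Employee": {"timesheet:read", "timesheet:write"},
    "Manager": {"timesheet:approve", "report:read"},
    "Admin": {"user:create", "user:delete", "role:assign", "report:read"},
}

# Role hierarchy: a role inherits every permission of the roles it extends.
ROLE_PARENTS = {
    "Employee": set(),
    "Manager": {"Employee"},
    "Admin": set(),
}

# Static separation of duty: no user may hold both roles of a pair.
SOD_CONFLICTS = {frozenset({"Admin", "Manager"})}

# Constructed user-to-role assignments.
USER_ROLES = {
    "alice": {"Manager"},
    "bob": {"Employee"},
    "carol": {"Admin"},
}


def effective_roles(role):
    """Return the role plus every ancestor in the hierarchy. Walks
    iteratively with a visited set, so a mis-configured cycle terminates."""
    seen, stack = set(), [role]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        stack.extend(ROLE_PARENTS.get(current, ()))
    return seen


def permissions_for(user):
    """Union of the permissions of all roles (direct and inherited) of a user."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        for r in effective_roles(role):
            perms |= ROLE_PERMISSIONS.get(r, set())
    return perms


def is_authorized(user, resource, action):
    """Deny by default: an unknown user, role or permission yields False."""
    return f"{resource}:{action}" in permissions_for(user)


def sod_conflict(user, role):
    """Return the role already held by `user` that conflicts with `role`, or None."""
    for held in USER_ROLES.get(user, ()):
        if frozenset({held, role}) in SOD_CONFLICTS:
            return held
    return None


def assign_role(user, role):
    """Administrative operation: reject unknown roles and separation-of-duty
    violations before the assignment takes effect."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role {role!r}")
    conflict = sod_conflict(user, role)
    if conflict:
        raise ValueError(f"{user} already holds {conflict}, which conflicts with {role}")
    USER_ROLES.setdefault(user, set()).add(role)


if __name__ == "__main__":
    for user, resource, action in [("alice", "timesheet", "approve"),
                                   ("alice", "timesheet", "write"),
                                   ("bob", "timesheet", "approve"),
                                   ("carol", "timesheet", "read"),
                                   ("mallory", "report", "read")]:
        print(user, resource, action, is_authorized(user, resource, action))
```

Note that the check is purely role-driven: alice can write a timesheet only because Manager inherits Employee, and carol, despite being Admin, cannot read timesheets because no role of hers grants it.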

Attribute-Based Access Control (ABAC)

How It Works: Each request is evaluated at decision time against policy rules written over attributes of the subject (department, role, license status), the resource (type, owning department, sensitivity), the action, and the environment (location, device type, time of day). Policies can express conditions that roles alone cannot, such as "only from a managed device while on site".
Use Cases: Government systems, healthcare, and dynamic cloud environments.

   A doctor can access patient records only if they are in a hospital and using an authorized device.
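The doctor example as an added Python policy evaluator (not code from the page): rules are predicates over the subject, resource, action and environment attributes, combined deny-overrides with a default of deny. The attribute names and the rule set are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import Callable


@dataclass
class Request:
    """The four attribute sets a policy decision point sees."""
    subject: dict      # who is asking (role, departments, license status ...)
    resource: dict     # what is asked for (type, owning department, patient id ...)
    action: str        # read / update / ...
    environment: dict  # context (location, device posture, time ...)


@dataclass
class Rule:
    name: str
    effect: str                           # "permit" or "deny"
    condition: Callable[[Request], bool]


# Constructed policy for the hospital scenario (assumed attribute names).
POLICY = [
    Rule("deny-unmanaged-device", "deny",
         lambda r: not r.environment.get("device_managed", False)),
    Rule("deny-inactive-license", "deny",
         lambda r: r.subject.get("role") == "doctor"
         and r.subject.get("license_status") != "active"),
    Rule("clinician-in-facility", "permit",
         lambda r: r.subject.get("role") == "doctor"
         and r.resource.get("type") == "patient_record"
         and r.action in {"read", "update"}
         and r.environment.get("location") == "hospital"
         and r.resource.get("department") in r.subject.get("departments", ())),
    Rule("patient-own-record", "permit",
         lambda r: r.subject.get("role") == "patient"
         and r.resource.get("type") == "patient_record"
         and r.action == "read"
         and r.resource.get("patient_id") == r.subject.get("id")),
]


def evaluate(request, policy=POLICY):
    """Deny-overrides combining: any matching deny rule wins, otherwise the
    first matching permit rule wins, otherwise the decision is deny.
    Returns (decision, rule name) so every decision can be logged."""
    first_permit = None
    for rule in policy:
        try:
            matched = bool(rule.condition(request))
        except (KeyError, TypeError, AttributeError):
            # Fail closed: a malformed attribute matches deny rules and
            # never matches permit rules.
            matched = rule.effect == "deny"
        if not matched:
            continue
        if rule.effect == "deny":
            return "deny", rule.name
        first_permit = first_permit or rule.name
    if first_permit:
        return "permit", first_permit
    return "deny", "default-deny"


if __name__ == "__main__":
    doctor = {"id": "d1", "role": "doctor", "license_status": "active",
              "departments": ["cardiology"]}
    record = {"type": "patient_record", "patient_id": "p7", "department": "cardiology"}
    for env in ({"location": "hospital", "device_managed": True},
                {"location": "home", "device_managed": True},
                {"location": "hospital", "device_managed": False}):
        print(env, "->", evaluate(Request(doctor, record, "read", env)))
```

Returning the rule name alongside the decision is deliberate: in production the decision log is what lets you answer "why was this denied" without re-running the policy.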

Discretionary Access Control (DAC)

How It Works: The owner of a resource (file, database table, etc.) decides who else gets access, typically through an access control list or permission bits, and the system enforces whatever the owner chose. Because owners can hand out access at their discretion, DAC by itself gives no guarantee about where sensitive data ends up.
Use Cases: File-sharing systems, personal computing environments.

   A user can grant read or write permissions to a file they own.

Mandatory Access Control (MAC)

How It Works: A central authority assigns security labels to resources (classifications) and to users (clearances), and the system enforces fixed comparison rules between them, for example no reading above one's clearance and no writing to a lower classification. Resource owners cannot override or relax the policy; MAC is usually layered on top of DAC, so a request must pass both.
Use Cases: Military, classified government systems.

   A military database classifies documents as "Top Secret," and only users with the correct clearance can access them.
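An added example (not code from the page) that puts the DAC and MAC sections above side by side: documents carry a classification label and an owner-managed ACL, users carry a clearance, and a request is granted only if the mandatory lattice check (no read up, no write down, as in the Bell-LaPadula model) and the discretionary ACL both permit it. The level names follow the page; the compartments, users and documents are constructed for the illustration.

```python
from dataclasses import dataclass, field

# Ordered classification levels; "Top Secret" is the page's example.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass
class Label:
    level: str
    compartments: frozenset = frozenset()   # need-to-know categories, e.g. {"NUCLEAR"}

    def dominates(self, other):
        """Lattice order: at least as high a level and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass
class Subject:
    name: str
    clearance: Label


@dataclass
class Document:
    name: str
    owner: str
    classification: Label                       # set by the central authority (MAC)
    acl: dict = field(default_factory=dict)     # user -> {"read", "write"}, set by owner (DAC)


def mac_permits(subject, doc, action):
    """Mandatory check. Read: clearance must dominate the classification (no
    read up). Write: classification must dominate the clearance (no write
    down, so a Top Secret user cannot leak into an Unclassified file)."""
    if action == "read":
        return subject.clearance.dominates(doc.classification)
    if action == "write":
        return doc.classification.dominates(subject.clearance)
    return False


def dac_permits(subject, doc, action):
    """Discretionary check: the owner always has access, others need an ACL entry."""
    if subject.name == doc.owner:
        return True
    return action in doc.acl.get(subject.name, set())


def grant(granter, doc, grantee, action):
    """DAC operation: only the owner may extend the ACL. This never changes
    the MAC outcome, which is the point of layering the two models."""
    if granter.name != doc.owner:
        raise PermissionError(f"{granter.name} does not own {doc.name}")
    doc.acl.setdefault(grantee, set()).add(action)


def access(subject, doc, action):
    """The reference monitor: both MAC and DAC must permit."""
    return mac_permits(subject, doc, action) and dac_permits(subject, doc, action)


if __name__ == "__main__":
    ts_nuclear = Label("Top Secret", frozenset({"NUCLEAR"}))
    general = Subject("gen", ts_nuclear)
    analyst = Subject("ana", Label("Secret"))
    plan = Document("ops-plan", owner="gen", classification=ts_nuclear)
    grant(general, plan, "ana", "read")          # owner tries to share downward
    print("analyst reads ops-plan:", access(analyst, plan, "read"))   # False: MAC wins
```

The last two lines are the practical difference between the models: the owner's grant is recorded, but an analyst cleared only to Secret still cannot read a Top Secret document, because the mandatory check is outside the owner's control.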

OAuth 2.0 (Token-Based Authorization)

How It Works: A framework for delegated authorization. The user (the resource owner) approves a client application's request at an authorization server run by a provider (Google, Facebook, etc.), which issues the client an access token limited to the approved scope; the client presents that token to the API (the resource server), which validates it and enforces the scope. OAuth 2.0 by itself authorizes access to resources; it does not tell the client who the user is, which is what OpenID Connect adds on top.
Use Cases: Web and mobile applications, API integrations.

   A user signs in at Google and consents to a third-party app reading certain of their data; Google issues the app an access token limited to that data.

OpenID Connect (OIDC)

How It Works: An identity layer built on top of OAuth 2.0. Alongside the access token, the provider issues a signed ID token (a JWT) stating who authenticated, when, and for which client, bound to a nonce the client chose so that it cannot be replayed. One flow therefore gives the application both authentication (the ID token) and authorization (the access token).
Use Cases: Single Sign-On (SSO) for web applications.

   A user logs into multiple services (email, cloud storage) with one login at the identity provider.
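The following added example (not code from the page or from any provider) shows both sides described in the OAuth 2.0 and OpenID Connect sections above: an authorization server mints an access token for the API and an ID token for the client, the API enforces audience and scope, and the client checks the ID token's audience and nonce. Tokens are HS256 JWTs signed with a shared secret, which is an assumption for the sake of a self-contained script; real providers sign with an asymmetric key published via JWKS. Issuer, audience and claim values are constructed.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_sign(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT (shared-secret signing is assumed for this example)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def jwt_verify(token: str, secret: bytes) -> dict:
    """Verify the signature before trusting any claim. Only HS256 is accepted,
    so an attacker-supplied header such as alg=none is rejected outright."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))


def check_common_claims(claims: dict, issuer: str, audience: str, now: int) -> None:
    """Checks shared by access tokens and ID tokens (RFC 7519 / OIDC Core)."""
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if now >= claims.get("exp", 0):        # a token without exp counts as expired
        raise ValueError("expired")
    if now < claims.get("nbf", 0):
        raise ValueError("not yet valid")


def issue_tokens(secret, issuer, subject, client_id, api_audience, scope, nonce,
                 now, lifetime=3600):
    """Authorization-server side: an access token addressed to the API and an
    ID token addressed to the client. Only the ID token carries the nonce."""
    access = {"iss": issuer, "sub": subject, "aud": api_audience, "client_id": client_id,
              "scope": scope, "iat": now, "exp": now + lifetime}
    identity = {"iss": issuer, "sub": subject, "aud": client_id, "nonce": nonce,
                "email": f"{subject}@example.org", "iat": now, "exp": now + lifetime}
    return jwt_sign(access, secret), jwt_sign(identity, secret)


def authorize_api_request(token, secret, issuer, api_audience, required_scope, now):
    """Resource-server side of OAuth 2.0: valid for this API and carries the scope."""
    claims = jwt_verify(token, secret)
    check_common_claims(claims, issuer, api_audience, now)
    if required_scope not in set(claims.get("scope", "").split()):
        raise PermissionError(f"missing scope {required_scope}")
    return claims["sub"]


def authenticate_with_id_token(token, secret, issuer, client_id, expected_nonce, now):
    """Relying-party side of OIDC: who authenticated, bound to this login by the nonce."""
    claims = jwt_verify(token, secret)
    check_common_claims(claims, issuer, client_id, now)
    if not hmac.compare_digest(str(claims.get("nonce", "")), expected_nonce):
        raise ValueError("nonce mismatch")
    return {"sub": claims["sub"], "email": claims.get("email")}


def outcome(check, *args):
    """Run a validation function and report 'ok' or the rejection reason."""
    try:
        check(*args)
        return "ok"
    except (ValueError, PermissionError) as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    secret, issuer, now = b"demo-shared-secret", "https://issuer.example", 1_700_000_000
    at, idt = issue_tokens(secret, issuer, "user-42", "client-app", "https://api.example",
                           "records:read", "n0nce", now)
    print("API accepts access token:", outcome(authorize_api_request, at, secret, issuer,
                                               "https://api.example", "records:read", now))
    print("API given ID token:", outcome(authorize_api_request, idt, secret, issuer,
                                         "https://api.example", "records:read", now))
```

The two tokens are deliberately not interchangeable: the ID token fails at the API on audience, and the access token fails at the client on audience before the nonce is even checked. That is the separation the page describes, authorization (access token) versus authentication (ID token), enforced by claims rather than by convention.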

SAML (Security Assertion Markup Language)

How It Works: The identity provider issues digitally signed XML assertions describing the user's authentication and attributes; the service provider verifies the signature and then checks the assertion's issuer, audience, validity window and subject confirmation before granting access. Unlike OAuth 2.0 and OIDC, the messages are XML documents rather than JSON tokens.
Use Cases: Enterprise SSO, cloud services.

   A corporate employee logs into multiple applications using their work credentials.

Zero Trust Authorization

How It Works: No user, device or network location is trusted by default. Every request is authorized on current signals (identity, device posture, session freshness, the sensitivity of the resource) rather than on having once passed a network perimeter, and that trust is re-evaluated continuously rather than granted for the life of a session.
Use Cases: Cybersecurity-focused organizations, remote work environments.

   A company authorizes each access to sensitive data on the user's identity and the health of their device, applying the same checks whether the request comes from the office network or from home.

Blockchain-Based Authorization

How It Works: Access rules are encoded in smart contracts, and a requester proves entitlement cryptographically (a signature from the key controlling a decentralized identity, or a verifiable credential) instead of through a central server's user database.
Use Cases: Web3 applications, decentralized finance (DeFi), supply chain security.

   A smart contract grants access to specific users based on blockchain-based identity verification.