Main Page: Difference between revisions

From Identity wiki
No edit summary
 
(11 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Authorization systems are mechanisms that control and enforce access to digital resources, ensuring that only authorized users or entities can perform specific actions. There are several types of authorization systems, each designed for different use cases. Below are some of the most common ones:
Authorization systems are mechanisms that control and enforce access to digital resources, ensuring that only authorized users or entities can perform specific actions. There are several types of authorization systems, each designed for different use cases. Below are some of the most common ones:


<big>1. Role-Based Access Control (RBAC)</big>
==Role-Based Access Control (RBAC)==
How It Works: Users are assigned roles, and each role has predefined permissions.<br>
How It Works: Users are assigned roles, and each role has predefined permissions.<br>
Use Cases: Enterprise systems, corporate IT environments, cloud platforms.<br>
Use Cases: Enterprise systems, corporate IT environments, cloud platforms.<br>
''Example: In a company, employees may have roles like "Admin," "Manager," or "Employee," each with different levels of access.''
In a company, employees may have roles like "Admin," "Manager," or "Employee," each with different levels of access.


<big>2. Attribute-Based Access Control (ABAC)</big>
==Attribute-Based Access Control (ABAC)==
How It Works: Access is granted based on attributes (e.g., user department, location, device type).<br>
How It Works: Access is granted based on attributes (e.g., user department, location, device type).<br>
Use Cases: Government systems, healthcare, and dynamic cloud environments.<br>
Use Cases: Government systems, healthcare, and dynamic cloud environments.<br>
''Example: A doctor can access patient records only if they are in a hospital and using an authorized device.''
''A doctor can access patient records only if they are in a hospital and using an authorized device.''


<big>3. Discretionary Access Control (DAC)</big>
==Discretionary Access Control (DAC)==
How It Works: Owners of resources (files, databases, etc.) can decide who gets access.
How It Works: Owners of resources (files, databases, etc.) can decide who gets access.<br>
Use Cases: File-sharing systems, personal computing environments.<br>
Use Cases: File-sharing systems, personal computing environments.<br>
''Example: A user can grant read or write permissions to a file they own.''
''A user can grant read or write permissions to a file they own.''


<big>4. Mandatory Access Control (MAC)</big>
==Mandatory Access Control (MAC)==
How It Works: Access is enforced by strict policies defined by a central authority.
How It Works: Access is enforced by strict policies defined by a central authority.<br>
Use Cases: Military, classified government systems.<br>
Use Cases: Military, classified government systems.<br>
''Example: A military database classifies documents as "Top Secret," and only users with the correct clearance can access them.''
''A military database classifies documents as "Top Secret," and only users with the correct clearance can access them.''


<big>5. OAuth 2.0 (Token-Based Authorization)</big>
==[[Understanding OAuth 2.0: Token-Based Authorization|OAuth 2.0]] (Token-Based Authorization)==
How It Works: Users authenticate through a provider (Google, Facebook, etc.), and access tokens are issued for authorization.<br>
How It Works: Users authenticate through a provider (Google, Facebook, etc.), and access tokens are issued for authorization.<br>
Use Cases: Web and mobile applications, API integrations.<br>
Use Cases: Web and mobile applications, API integrations.<br>
''Example: A user logs into a third-party app using their Google account, and Google grants the app permission to access certain user data.''
''A user logs into a third-party app using their Google account, and Google grants the app permission to access certain user data.''


<big>6. OpenID Connect (OIDC)</big>
==OpenID Connect (OIDC)==
How It Works: An identity layer built on top of OAuth 2.0, allowing authentication and authorization.<br>
How It Works: An identity layer built on top of OAuth 2.0, allowing authentication and authorization.<br>
Use Cases: Single Sign-On (SSO) for web applications.<br>
Use Cases: Single Sign-On (SSO) for web applications.<br>
''Example: A user logs into multiple services (email, cloud storage) with one login.''
''A user logs into multiple services (email, cloud storage) with one login.''


==[[SAML]] (Security Assertion Markup Language)==

<big>7. SAML (Security Assertion Markup Language)</big>
How It Works: Uses XML-based authentication and authorization between identity providers and service providers.<br>
How It Works: Uses XML-based authentication and authorization between identity providers and service providers.<br>
Use Cases: Enterprise SSO, cloud services.<br>
Use Cases: Enterprise SSO, cloud services.<br>
''Example: A corporate employee logs into multiple applications using their work credentials.''
''A corporate employee logs into multiple applications using their work credentials.''


<big>8. Zero Trust Authorization</big>
==Zero Trust Authorization==
How It Works: No user or device is trusted by default; continuous verification is required.<br>
How It Works: No user or device is trusted by default; continuous verification is required.<br>
Use Cases: Cybersecurity-focused organizations, remote work environments.<br>
Use Cases: Cybersecurity-focused organizations, remote work environments.<br>
''Example: A company requires employees to authenticate every time they access sensitive data, regardless of their network location.''
''A company requires employees to authenticate every time they access sensitive data, regardless of their network location.''


<big>9. Blockchain-Based Authorization</big>
==Blockchain-Based Authorization==
How It Works: Uses decentralized identity and cryptographic verification.<br>
How It Works: Uses decentralized identity and cryptographic verification.<br>
Use Cases: Web3 applications, decentralized finance (DeFi), supply chain security.<br>
Use Cases: Web3 applications, decentralized finance (DeFi), supply chain security.<br>
''Example: A smart contract grants access to specific users based on blockchain-based identity verification.''
''A smart contract grants access to specific users based on blockchain-based identity verification.''

Latest revision as of 11:32, 11 March 2025

Authorization systems are mechanisms that control and enforce access to digital resources, ensuring that only authorized users or entities can perform specific actions. There are several types of authorization systems, each designed for different use cases. Below are some of the most common ones:

Role-Based Access Control (RBAC)[edit]

How It Works: Users are assigned roles, and each role has predefined permissions.
Use Cases: Enterprise systems, corporate IT environments, cloud platforms.

   In a company, employees may have roles like "Admin," "Manager," or "Employee," each with different levels of access.

Attribute-Based Access Control (ABAC)[edit]

How It Works: Access is granted based on attributes (e.g., user department, location, device type).
Use Cases: Government systems, healthcare, and dynamic cloud environments.

   A doctor can access patient records only if they are in a hospital and using an authorized device.

Discretionary Access Control (DAC)[edit]

How It Works: Owners of resources (files, databases, etc.) can decide who gets access.
Use Cases: File-sharing systems, personal computing environments.

   A user can grant read or write permissions to a file they own.

Mandatory Access Control (MAC)[edit]

How It Works: Access is enforced by strict policies defined by a central authority.
Use Cases: Military, classified government systems.

   A military database classifies documents as "Top Secret," and only users with the correct clearance can access them.

OAuth 2.0 (Token-Based Authorization)[edit]

How It Works: Users authenticate through a provider (Google, Facebook, etc.), and access tokens are issued for authorization.
Use Cases: Web and mobile applications, API integrations.

   A user logs into a third-party app using their Google account, and Google grants the app permission to access certain user data.

OpenID Connect (OIDC)[edit]

How It Works: An identity layer built on top of OAuth 2.0, allowing authentication and authorization.
Use Cases: Single Sign-On (SSO) for web applications.

   A user logs into multiple services (email, cloud storage) with one login.

SAML (Security Assertion Markup Language)[edit]

How It Works: Uses XML-based authentication and authorization between identity providers and service providers.
Use Cases: Enterprise SSO, cloud services.

   A corporate employee logs into multiple applications using their work credentials.

Zero Trust Authorization[edit]

How It Works: No user or device is trusted by default; continuous verification is required.
Use Cases: Cybersecurity-focused organizations, remote work environments.

   A company requires employees to authenticate every time they access sensitive data, regardless of their network location.

Blockchain-Based Authorization[edit]

How It Works: Uses decentralized identity and cryptographic verification.
Use Cases: Web3 applications, decentralized finance (DeFi), supply chain security.

   A smart contract grants access to specific users based on blockchain-based identity verification.
Retrieved from "https://id2.org/index.php?title=Main_Page&oldid=192"