
A Consistent Definition of Authorization

  • Conference paper

Security and Trust Management (STM 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10547)


Abstract

A shared understanding of terms and concepts is a precondition for meaningful discussion in any domain of scientific investigation and industrial development, and information security is no exception. It is therefore problematic when central terms are assigned inconsistent meanings in the literature and in mainstream textbooks on information security. In particular, this is the case for the concept of ‘authorization’, on which the security community has still not arrived at a clear and common understanding. We argue that only one interpretation of authorization is consistent with fundamental security concepts. Consistent definitions of security terms are important for supporting good learning and practice of information security. The proposed definition of authorization is not only consistent with other fundamental security terms; it is also simple, logical and intuitive.



Author information

Corresponding author: Audun Jøsang


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Jøsang, A. (2017). A Consistent Definition of Authorization. In: Livraga, G., Mitchell, C. (eds) Security and Trust Management. STM 2017. Lecture Notes in Computer Science, vol 10547. Springer, Cham. https://doi.org/10.1007/978-3-319-68063-7_9

  • DOI: https://doi.org/10.1007/978-3-319-68063-7_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68062-0

  • Online ISBN: 978-3-319-68063-7
