ABSTRACT
Access determines which operations are capable, whereas authorization decides which of the actions an identity is allowed to perform. Movements such as cloud, Bring Your Own Device, and Internet of Things are behind the push from an access-based security model to an authorization-based one. The beginning of an authorization control system is identifying the entity that is trying to perform an action. This determination is made through authentication, the process of identifying a principal using credentials. Authorization control can be broken into five components, namely domains, principals, securables, trusts, and membership. The principle of least privilege dictates that a principal should be granted the least amount of authorization necessary to fulfill its purpose. Cryptography can ensure the confidentiality, integrity, or authenticity of data or control without needing to directly communicate with a service. This makes cryptography ideal for protecting against offline attacks or while data are in-transit between the two systems.
