Authorisation is a process of verifying that an agent can legitimately take some action, such as gaining access to a resource, editing a document, entering a building or making a payment. An administrative authority must determine whether there are sufficient grounds for authorising the action.
Authorisation has two related meanings. The first is that the administrative authority confers on an agent a set of privileges to access resources or take actions; the agent becomes authorised to use a system. The second meaning is that, when an authorised agent wishes to use the system directly, they present their credentials, and an authorisation process grants immediate access. As an example, in the first meaning, a customer will be authorised to use an online banking system. In the second meaning, the customer is authorised, perhaps via a password, biometric data or banking card, to perform some concrete action, such as withdrawing some money.
Authorisation is a key concept in security, and in preventing hacking.
See also: ACCESS CONTROL, AUTHENTICATION, CERTIFICATION AUTHORITY
De Capitani di Vimercati, S., Foresti, S., Samarati, P. and Jajodia, S., 2007. Access control policies and languages. International Journal of Computational Science and Engineering, 3(2), 94–102, https://doi.org/10.1504/IJCSE.2007.015739.
De Capitani di Vimercati, S., Foresti, S., Samarati, P. and Jajodia, S., 2007. Access control policies and languages. International Journal of Computational Science and Engineering, 3(2), 94–102, https://doi.org/10.1504/IJCSE.2007.015739.