Securing Enterprise Wide Authorization Management Through Delegation

摘要

Authorization follows authentication in a system security implementation. While authentication controls system login, authorization controls resources access and permissions. Resources have definite ownership relations, in term of users ownerships and groups ownerships. Managing authorization is tedious due to complex relationships between ownerships, resources and permissions. A group defined as a collection of users or resources can be used to reduce the number of existing relationships and thus ease authorization management tasks. It is natural that authorization management of resources falls on the hands of resource owners through delegation. Managing authorization using a Web based management application will provide a higher level abstraction which can facilitate in implementing such distributed management framework. Managers and users a like, will be assisted with an effective and economical management tools, which, in turn will increase the system's security level.