A Consistent Definition of Authorization

摘要

A shared understanding of terms and concepts is a condition for meaningful discussions in any domain of scientific investigation and industrial development. This principle also applies to the domain of information security. It is therefore problematic when central terms are assigned inconsistent meanings in the literature and mainstream textbooks on information security. In particular, this is case for the concept of 'authorization' for which the security community still has not arrived at a clear and common understanding. We argue that there can only be one interpretation of authorization which is consistent with fundamental security concepts. Consistent definitions of security terms are important in order to support good learning and practice of information security. The proposed definition of authorization is not only consistent with other fundamental security terms, it is also simple, logical and intuitive.