Authorization Patterns

Real-world systems live somewhere in between a perfect enforcement of least privilege and a system based solely on accountability. As computing and networking technology has matured, a variety of access-control schemes have been developed to try to balance these needs. These schemes represent broad philosophical frameworks that aid the development of access control policies as well as specify implementations for a particular scheme.

In practice, most organizations use a hybrid approach to access control where the resource owner tightly controls certain resources and custodians control other resources. For example, most organizations control access to the HR system in a very formal way, while allowing individual employees to determine who will see documents that they produce within some very broad guidelines.

Mandatory and Discretionary Access Control

One of the first organizations to systematically look at access control on computer systems was the Department of Defense. A 1983 Department of Defense publication called the Trusted Computer System Evaluation Criteria (TCSEC), but commonly referred to as "the orange book" because of the color of its cover, defined two modes of access control for the Department of Defense: mandatory access control and discretionary access control. In mandatory access control (MAC), the owner (or the owner's representative) sets the policy, and custodians and users are obligated to follow it. In discretionary access control (DAC

Get Digital Identity now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.