Talk:Authorization (computer access control)
Original research rant?
The entire theme of this article seems to be to refute the idea of authorization being the action of authorizing, and that it can only be policy making. So Cisco et all were wrong? All based on what seems to be rather weak reasoning:
"It would be absurd to interpret confidentiality as "ensuring that information is accessible only to those who are granted access when requested", because people who access systems e.g. with stolen passwords would then be "authorized".
So when a door is marked "authorized personnel only," trespassing isn't possible? Can one not be authorized under false pretense? The whole Wiki-rampage against a common use of the word seems pointless and unnecessary. Authorization involves creating policy and enforcing it. And if it doesn't, this article needs to better describe why not. —Preceding unsigned comment added by 188.8.131.52 (talk) 07:45, 22 April 2009 (UTC)
Broader Understanding of Authorisation
In computer security authorisation is not necessarily provided by the operation system. Consider the EBay SDK, for example.jhhjhjk.
- Agreed. I have recast the lead a little. Anyone want to tackle the rest of the article? Rupert Clayton (talk) 17:11, 11 December 2007 (UTC)
This is certainly not the only context in which the worhuhu .s are relevant to be described here as well. --Blonkm 17:52, 21 September 2006 (UTC)
- A more general article on authorization is needed. This article is about a specific form of authorization, therefore, I've renamed the page to Authorization (computer access control). The Transhumanist 01:03, 3 December 2014 (UTC)
Confusion with authentication
The article mentions authentication, but this is a very different concept and should not be confused.
- Agreed. I have tried to make the difference clear in the lead. Rupert Clayton (talk) 17:11, 11 December 2007 (UTC)
Access without unique identity
The article states: "On a distributed system, it is often desirable to grant access without requiring a unique identity". I don't understand this, on any serious distributed system surely it is normal only to grant access to objects to users who are authenticated and authorized? Aarghdvaark (talk) 03:12, 14 November 2008 (UTC)