Authorization (AZN) API
Copyright © 2000 The Open Group

Frontmatter


Open Group Technical Standard
Authorization (AZN) API
Document Number: C908
ISBN: 1-85912-266-3


© January 2000, The Open Group. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright owners.


Any comments relating to the material contained in this document may be submitted to The Open Group at:

The Open Group
Apex Plaza
Forbury Road
Reading
Berkshire, RG1 1AX
United Kingdom
or by electronic mail to:
OGSpecs@opengroup.org

Preface

The Open Group

The Open Group is a vendor and technology-neutral consortium which ensures that multi-vendor information technology matches the demands and needs of customers. It develops and deploys frameworks, policies, best practices, standards, and conformance programs to pursue its vision: the concept of making all technology as open and accessible as using a telephone.

The mission of The Open Group is to deliver assurance of conformance to open systems standards through the testing and certification of suppliers' products.

The Open Group is committed to delivering greater business efficiency and lowering the cost and risks associated with integrating new technology across the enterprise by bringing together buyers and suppliers of information systems.

Membership of The Open Group is distributed across the world, and it includes some of the world's largest IT buyers and vendors representing both government and commercial enterprises.

More information is available on The Open Group Web Site at http://www.opengroup.org.

Open Group Publications

The Open Group publishes a wide range of technical documentation, the main part of which is focused on development of Technical and Product Standards and Guides, but which also includes white papers, technical studies, branding and testing documentation, and business titles. Full details and a catalog are available on The Open Group Web Site at http://www.opengroup.org/pubs.

In addition, The Open Group publishes Product Documentation. This includes product documentation (programmer's guides, user manuals, and so on) relating to the DCE, Motif, and CDE. It also includes the Single UNIX Documentation, designed for use as common product documentation for the whole industry.

Versions and Issues of Specifications

As with all live documents, Technical Standards and Specifications require revision to align with new developments and associated international standards. To distinguish between revised specifications which are fully backwards compatible and those which are not:

Corrigenda

Readers should note that Corrigenda may apply to any publication. Corrigenda information is published on The Open Group Web Site at http://www.opengroup.org/corrigenda.

Ordering Information

Full catalog and ordering information on all Open Group publications is available on The Open Group Web Site at http://www.opengroup.org/pubs.

This Document
This document is a Technical Standard.

A generally accepted definition of Authorization is "the granting of access rights to a subject - for example, a user, or a program." Within this definition, we need to distinguish between the administrative act of asserting that a subject should be granted access rights (which we define as a "set of privilege attributes"), and the operational (control) act of allowing a subject to access a resource after determining that they hold the required set of privilege attributes.

This Technical Standard defines a generic application programming interface (API) for access control, in systems whose access control facilities conform to the architectural framework described in International Standard ISO 10181-3 (Access Control Framework).

The API defined in this document does not provide for privilege attribute administration, although it does provide facilities which allow a subject to control which of its privilege attributes are used to authorize a particular access request (such facilities are often called "least privilege").

Typographical Conventions
The following typographical conventions are used throughout this document:

Trademarks

Motif®, OSF/1®, UNIX®, and the "X Device" are registered trademarks and IT DialTone™ and The Open Group™ are trademarks of The Open Group in the U.S. and other countries.

Acknowledgements

The Open Group gratefully acknowledges the work of DASCOM Inc. in developing this specification. In particular, the main authors from DASCOM Inc. are:

Bob Blakley

Warwick Burrows

Greg Clark

Adam Murdoch

Frank Siebenlist

Members of The Open Group Security Program Group have contributed to this specification by reviewing drafts. In particular, thanks are due to the representatives from the following companies:

Hewlett-Packard Company

IBM Corporation

Sun Microsystems, Inc.

Entrust Technologies

Baltimore Technologies

Referenced Documents

The following documents are referenced in this Technical Standard:

ACF

Access Control Framework for Distributed Applications, draft-ietf-cat-acc-frmw-01.txt, 11/17/1998.

AZN_Rqts

Authorization Service API Requirements, Draft 0.3, The Open Group Security Program Group, 10/16/1998.

COS

CORBA Services: Common Object Services Specification, Chapter 15: Security Service Specification, OMG.

DCE_DSS

CAE Specification, August 1997, DCE 1.1: Authentication and Security Services (C311), published by The Open Group.

GAA

Generic Authorization and Access control Application Program Interface, C bindings, draft-ietf-cat-gaa-cbind-01.txt, 11/1998.

ISO/IEC 7498-2

The ISO Security Architecture, ISO/IEC 7498-2.

ISO/IEC 10181-3

The Access Control Framework, ISO/IEC 10181-3.

RFC1508

Generic Security Service API, IETF-RFC 1508, J. Linn, 9/1993.

RFC1509

Generic Security Service API: C-bindings, IETF-RFC 1509, J. Wray, 9/1993.

UTF-8

UTF-8, a transformation format for Unicode and ISO 10646, IETF-RFC 2044, October 1996.

XDAS

Preliminary Specification, January 1997, Distributed Audit Service (XDAS) (ISBN: 1-85912-139-X, P441), published by The Open Group.

XGSS

Extended Generic Security Service APIs: XGSS-APIs, Access control and delegation extensions, draft-ietf-cat-xgssapi-acc-cntrl-03.txt, 11/09/1998.

