Authorization Open Service Interface Definition
Encyclopedia
The Authorization Open Service Interface Definition (OSID) is an O.K.I. specification which provides the means to define who is authorized to do what, when. OSIDs are programmatic interfaces which comprise a Service Oriented Architecture for designing and building reusable and interoperable software.
Authorizations associate Agents, which represent the user or another actor in the system, with Functions and Qualifiers. One can think of Authorization in terms of a grammar
where an Agent is a noun
, Functions are operations or verbs, and Qualifiers are objects of the operation. An authorization
can then be read as a sentence.
For example, Jeff (an Agent) can write checks (a Function) on the Department account (a Qualifier). Since a system may have many Qualifiers they might be represented using a Hierarchy. For example, the Software Engineering Department account (a Qualifier) can have sub-accounts for Web Development (another Qualifier) and Database Development (a third Qualifier). If Jeff (our Agent) is explicitly authorized to write checks (the Function) on the Software Engineering account (the explicitly stated Qualifier), he is implicitly authorized to write checks on the Web and Database Development accounts.
An Agent in the Authorization OSID is represented using a unique identifier which can be examined via the Agent OSID.
Authorizations associate Agents, which represent the user or another actor in the system, with Functions and Qualifiers. One can think of Authorization in terms of a grammar
Grammar
In linguistics, grammar is the set of structural rules that govern the composition of clauses, phrases, and words in any given natural language. The term refers also to the study of such rules, and this field includes morphology, syntax, and phonology, often complemented by phonetics, semantics,...
where an Agent is a noun
Noun
In linguistics, a noun is a member of a large, open lexical category whose members can occur as the main word in the subject of a clause, the object of a verb, or the object of a preposition .Lexical categories are defined in terms of how their members combine with other kinds of...
, Functions are operations or verbs, and Qualifiers are objects of the operation. An authorization
Authorization
Authorization is the function of specifying access rights to resources, which is related to information security and computer security in general and to access control in particular. More formally, "to authorize" is to define access policy...
can then be read as a sentence.
For example, Jeff (an Agent) can write checks (a Function) on the Department account (a Qualifier). Since a system may have many Qualifiers they might be represented using a Hierarchy. For example, the Software Engineering Department account (a Qualifier) can have sub-accounts for Web Development (another Qualifier) and Database Development (a third Qualifier). If Jeff (our Agent) is explicitly authorized to write checks (the Function) on the Software Engineering account (the explicitly stated Qualifier), he is implicitly authorized to write checks on the Web and Database Development accounts.
An Agent in the Authorization OSID is represented using a unique identifier which can be examined via the Agent OSID.