by jmsgwd
749 days ago
As an example, look at how NIST define "permission" in one of the early RBAC papers: https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir6192.pdf

Here "permission" is defined as an "Operation/Object pair" - for example, read/write/execute access to a particular file. But crucially, there's no user involved (yet). That's where authorization comes in. When a permission becomes associated with a user (in this case via roles), you have authorization. This sense of the word "permission" has now become very well established in the field of identity and access control.

The proposed renaming seems like it would solidify the lack of understanding, which would be an undesirable outcome.