Editing Authorization (section)

== Implementation ==
A widely used framework for authorizing applications is [[OAuth 2.0|OAuth 2]]. It provides a standardized way for third-party applications to obtain limited access to a user's resources without exposing their credentials.<ref name=":0">{{Cite book |last=Hingnikar |first=Abhishek |title=Solving Identity Management in Modern Applications |publisher=[[Apress]] |year=2023 |isbn=9781484282601 |edition=2nd |pages=63, 147 |language=en}}</ref>

In modern systems, a widely used model for authorization is [[role-based access control]] (RBAC) where authorization is defined by granting subjects one or more roles, and then checking that the resource being accessed has been assigned at least one of those roles.<ref name=":0" /> However, with the rise of social media, [[Relationship-based access control]] is gaining more prominence. <ref>{{Cite journal |last=Gates |first=Carrie |date=2007 |title=Access control requirements for web 2.0 security and privacy |url=https://www.researchgate.net/publication/240787391 |journal=IEEE Web |volume=2 |pages=12-15}}</ref>

Even when access is controlled through a combination of authentication and [[access control list]]s, the problems of maintaining the authorization data is not trivial, and often represents as much administrative burden as managing authentication credentials. It is often necessary to change or remove a user's authorization: this is done by changing or deleting the corresponding access rules on the system. Using [[Atomic Authorization|atomic authorization]] is an alternative to per-system authorization management, where a [[trusted third party]] securely distributes authorization information.