93 - System Security - Access Control
The process of granting or denying specific requests
Collection of rules that specify the access rights a principal has on an object
Right to access assigned to individuals at discretion of owner
Individuals labelled with security levels/clearance ,partially ordered, and each get set of rights based on label
Access Control where authorization is determined by evaluating attributes and circumstances
Access rights are assigned to executables, policies refer to origin, code integrity or other properties
Delegation/Granting - Granting access rights or getting them
Revocation - Losing access rights
Digitally signed data structure linking an entity to attributes
Something presented to gain access
Stores the result of some authorization decision
A script may only connect back to its origin, cookie is only included in requests to the domain that placed it
Introuced to overcome SOP limitation, script can be allowed to request connection to non-origin targets