Skip to main content

authorization

Definition

Is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular.

More formally, "to authorize" is to define an access policy.

KERI specific

Authorizations have the form of a signed authorization statement where the statement typically includes the AID under which the authorization is issued. A verifier may then verify the authorization by verifying the attached signature using the keys that were authoritative at the time the authorization was issued. These authorizations are secure to the extent that the established control authority is secure. The authorizations inherit their security from their associated AID.

W3C VC form

Authorizations may take many forms. One form of particular interest is the W3C Verifiable Credential VC standard. Verifiable credentials use the W3C Decentralized Identifier DID standard. The DID standard provides name spacing syntax for decentralized identifiers that is evocative of URIs. A given DID may be a type of AID but not all DIDs are AIDs. Furthermore, because AIDs may use other name space syntax standards besides DIDs, not all AIDs are DIDs. KERI itself is name space agnostic so may be used to support AIDs in any name space that accepts pseudo-random strings as an element.