next up previous
Next: Data Privacy Up: Components: Things and Actions Previous: Authentication


The authorization service grants capabilities to principals. Protected objects in the environment have access control lists (ACLs). Before access is granted to a protected object, the principal's capability is compared to the ACL and the associated permission is granted or denied.

ACL actions include create, modify, delete, and validate.

Ronald LeRoi Burback