Overview[]
The International Organization for Standardization (ISO) Standard 10181-3
| “ | defines a standard model and standard terminology for authorization in an information technology and communications context. In the ISO model, authorization decisions are based on authorization policy, resource attributes (such as sensitivity of the data), context attributes (such as time of day), request attributes, and subject attributes. Subject attributes might include the requester's name and privilege attributes, such as job role, group memberships, or security clearance.[1] | ” |