Subject: [cloudauthz] Gartner's definitions for Entitlements

The "Entitlements" term has been popularized by Gartner ("Identity and Access Management Defined in 100 Tweets (and Change)") as follows:

- IAM can be viewed as a set of complex functions that manipulate or consume three kinds of data: identity, entitlement and activity data.
- Entitlement data describes entitlements (permissions and so on) — expressions of the ways that users are allowed to interact with resources.

More About Entitlements

Within different applications and OSs, entitlements are specified in different, often proprietary, ways. Entitlement data is typically associated with a specific resource or an intermediate construct that maps to one or more resources. Entitlements may be assigned directly to individual user identities or to an intermediate construct, such as a group or a role. Current entitlement life cycle management (ELCM) tools specify entitlements in an abstract policy and can support ABAC. In current Gartner terminology, PAPs perform entitlement administration, and together, PDPs and PEPs perform entitlement resolution. ELCM tools can abstract PAP and PDP functions from target systems, which typically retain PEP functions.

In addition, "authorization" is sometimes given as a synonym for an "entitlement" (see entitlement). Some writers (see, for example, the Wikipedia entry for "access control") passionately deprecate the way in which we use "authorization." Nevertheless, all these meanings can be found in any number of canonical security and IAM glossaries, and we follow the sense of OASIS SAML and XACML usage.

To avoid ambiguity, we believe an organization's IAM architecture should use the term in only one clearly documented sense and use equally clearly documented synonyms for the others — for example, "approval," "entitlement assignment" and "entitlement." We're not specifically advocating the use of those terms, only the consistent use of a set of distinct and unambiguous terms.

Gartner’s Glossary Definitions

permission: See entitlement.
privilege: See entitlement.
right: See entitlement.
rule: See entitlement.
entitlement: An expression of the ways in which users can interact with resources. Entitlements are also called "access permissions," "access rights," "authorizations," "permissions," "privileges," "rights" or "rules." Within some systems, more than one of these terms may be used, with different shades of meaning attached to each, but by and large, these terms tend to be used interchangeably. Gartner research aims to use "entitlements" consistently, but sometimes uses "privileges" to distinguish the special high-level entitlements linked with system administrators and the like (see "Best Practices for Managing SuperUser Privileges").

Radu Marian,
Bank of America