Authorizers

Authorizers are components in information systems that evaluate whether a given subject should be allowed to perform a requested action on a resource. They operate after identity has been established through authentication and may incorporate additional factors such as time, location, or device posture. Authorizers enforce access control policies that can be expressed through models like role-based access control (RBAC), attribute-based access control (ABAC), or policy-based access control (PBAC), as well as through policy languages.

In practice, an authorizer may reside in an API gateway, a web application firewall, a cloud identity and access management service, or a microservices sidecar. The authorizer inspects the subject’s identity and attributes, the action, the resource, and contextual data, then returns a decision to permit or deny, sometimes accompanied by scope, claims, or constraints.

Policy languages and tooling used by authorizers include XACML, Rego with Open Policy Agent (OPA), cloud provider IAM policies, and tokens carrying authorization data such as OAuth 2.0 or OpenID Connect claims. Some systems employ centralized authorizers for governance, while others use distributed or per-service authorizers; decisions can be stateless or stateful.

Key considerations for authorizers include performance, policy complexity, data freshness, and auditability. Centralized authorizers can simplify management but may become bottlenecks; distributed approaches can improve scalability but require consistent policy administration and versioning.

See also: access control, identity and access management, OAuth, OpenID Connect, RBAC, ABAC, PBAC, XACML, and Open Policy Agent.
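The decision flow described in this entry (subject attributes, action, resource and contextual data in; permit or deny with optional constraints out), as an added example that is not part of the original entry or of any named product: a small default-deny authorizer combining role grants (RBAC) with attribute conditions (ABAC) over a constructed policy set. The policy rules, attribute names such as `device_managed` and `hour`, and the first-applicable combining order are assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed policy set (illustrative, not a real product's format).
# Each rule covers one action on one resource type, lists the roles it grants,
# may add contextual conditions, and may attach constraints to a permit.
POLICIES = [
    {"id": "read-records", "action": "read", "resource_type": "record",
     "roles": {"analyst", "admin"}, "require_managed_device": False,
     "constraints": {"fields": ["id", "status"]}},
    {"id": "export-records", "action": "export", "resource_type": "record",
     "roles": {"admin"}, "require_managed_device": True,
     "business_hours_only": True, "constraints": {}},
]


@dataclass
class Decision:
    allow: bool
    rule_id: Optional[str] = None
    constraints: dict = field(default_factory=dict)
    reason: str = ""


def authorize(subject: dict, action: str, resource: dict, context: dict) -> Decision:
    """Policy decision point: default deny; the first rule whose action,
    resource type and roles match decides (first-applicable combining)."""
    roles = set(subject.get("roles", []))
    if not roles:
        return Decision(False, reason="subject has no roles")  # fail closed
    for rule in POLICIES:
        if rule["action"] != action or rule["resource_type"] != resource.get("type"):
            continue
        if not roles & rule["roles"]:
            continue
        # Contextual conditions: a missing context attribute counts as failing.
        if rule.get("require_managed_device") and not context.get("device_managed", False):
            return Decision(False, rule["id"], reason="unmanaged device")
        if rule.get("business_hours_only"):
            hour = context.get("hour")
            if hour is None or not 9 <= hour < 17:
                return Decision(False, rule["id"], reason="outside business hours")
        # Attribute check: subject may only act on resources in its own tenant.
        if subject.get("tenant") != resource.get("tenant"):
            return Decision(False, rule["id"], reason="cross-tenant access")
        # Permit, with the rule's constraints (e.g. a narrowed field set) attached.
        return Decision(True, rule["id"], dict(rule["constraints"]))
    return Decision(False, reason="no matching rule")
```

Every deny carries a reason so the decision can be logged and audited; callers treat anything but `allow == True` as a refusal.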