API Security
1. Introduction to API Security
2. Fundamental Security Principles
3. OWASP API Security Top 10
4. Authentication Mechanisms
5. Authorization and Access Control
6. Data Protection and Encryption
7. Traffic and Request Management
8. API Security in Development Lifecycle
9. API Security Testing
10. Monitoring and Incident Response
11. Advanced Security Architectures
12. Specialized API Security
13. Compliance and Governance
5. Authorization and Access Control
5.1. Authorization Concepts
5.1.1. Authorization vs Authentication
5.1.2. Permission Models
5.1.3. Access Decision Points
5.1.4. Policy Enforcement Points
5.2. Role-Based Access Control
5.2.1. Role Definition and Management
5.2.2. Permission Assignment
5.2.3. Role Hierarchies
5.2.4. User-Role Mapping
5.2.5. Dynamic Role Assignment
5.3. Attribute-Based Access Control
5.3.1. Attribute Categories
5.3.1.1. Subject Attributes
5.3.1.2. Resource Attributes
5.3.1.3. Environment Attributes
5.3.1.4. Action Attributes
5.3.2. Policy Definition Language
5.3.3. Dynamic Access Decisions
5.3.4. Context-Aware Authorization
5.4. Authorization Implementation
5.4.1. Object Level Authorization
5.4.1.1. Resource Ownership Validation
5.4.1.2. Hierarchical Access Control
5.4.1.3. Cross-Tenant Isolation
5.4.2. Function Level Authorization
5.4.2.1. Operation-Specific Controls
5.4.2.2. Method-Level Security
5.4.2.3. Administrative Function Protection
5.4.3. Property Level Authorization
5.4.3.1. Field-Level Access Control
5.4.3.2. Data Filtering
5.4.3.3. Conditional Field Access
5.5. OAuth 2.0 Scopes
5.5.1. Scope Definition and Management
5.5.2. Granular Permission Control
5.5.3. Scope Validation
5.5.4. Dynamic Scope Assignment
5.6. Policy Engines
5.6.1. Centralized Policy Management
5.6.2. Policy Decision Points
5.6.3. Policy Information Points
5.6.4. External Authorization Services