Q: Is a authorization thus the function of the policy definition phase which precedes the policy enforcement phase where access requests are approved or disapproved based on the previously defined authorizations? ¶
A: Yes.
Q: Is an authorization a feature of trusted systems used for security or social control? ¶
A: Yes.
Q: Is a authorization the responsibility of an authority? ¶
A: Yes, such as a department manager, within the application domain, but is often delegated to a custodian such as a system administrator.
Q: Is an authorization a hold placed on a customer's account when a purchase is made using a debit card or credit card? ¶
A: Yes.
Q: Is an authorization an alternative to per-system authorization management? ¶
A: Yes, where a trusted third party securely distributes authorization information.
Q: Are authorizations expressed as access policies in some types of "policy definition application", e.g? ¶
A: Yes, in the form of an access control list or a capability, on the basis of the "principle of least privilege": consumers should only be authorized to access whatever they need to do their jobs.