`
`About Authentication, Authorization, and Permissions
`
`About Authentication, Authorization, and Permissions
`
` means determining the identity of a user,
`Authentication and authorization are a key aspect of computer security.
`server, or client.
` means determining whether that user, server, or client as permission to do something.
`are settings on a file or other object that define who or what is allowed to use it and what they are allowed to do with it. This
`document describes the way macOS approaches authentication, authorization, and permissions.
`
` Authentication, authorization, and permissions are mostly relevant in the context of multiuser systems. As a result, this
`document only discusses macOS.
`
`At a Glance
`
`, macOS provides a wide range of security technologies that you can use when securing your
`As you saw in
`application and its data. Authentication, authorization, and permissions in macOS are largely based on two open-source standards:
`Mach and BSD. These technologies sit at the lowest layer of macOS. The cryptography used for storing passwords and other secret
`information is provided by higher level technologies, such as Common Crypto. Common Crypto is an Apple open source
`technology that provides support for symmetric and asymmetric encryption, hashing, and other cryptography-related tasks.
`
` Many macOS security services were originally built on top of CDSA, but that is now deprecated. See
` for information about CDSA.
`
`On top of these three technologies, macOS layers a number of security APIs (most of which are in the Core Services layer),
`including Security Transforms, the Security Interface framework, and Keychain Services. The Security Objective-C API is described
`in this document. The others are described in
`.
`
`macOS Provides Many Authentication and Identification Schemes and Technologies
`There are many different ways to do authentication and identification, and macOS provides a number of authentication-related
`APIs and UI elements to help you. macOS also provides a number of authentication features to help you integrate macOS into
`enterprise environments.
`
` Authentication and Identification In Depth
`
`https://developer.apple.com/library/archive/documentation/Security/Conceptual/AuthenticationAndAuthorizationGuide/Introduction/Introduction.h… 1/2
`
`Apple v. Maxell
`IPR2020-00202
`Maxell Ex. 2026
`
`Page 1 of 2
`
`Authentication
`Authorization
`Permissions
`Note:
`Security Overview
`Historical Note:
`Cryptographic Services Guide
`Cryptographic Services Guide
`Relevant Chapter:
`
`
`10/14/2020
`
`About Authentication, Authorization, and Permissions
`
`Authorization Services Provides Centralized Management of Privileges
`The Authorization Services API lets you run privileged helpers, and lets you use a single, central source of information for limiting
`what features of your app are usable by different accounts on the system. The Authorization Services API is not supported in
`sandboxed apps.
`
` Using Authorization
`
` Writing authorization plug-ins is beyond the scope of this document. To learn more about writing these plug-ins, read
`.
`
`Permissions and Access Control Limit Program Behavior
`macOS supports permissions systems at various levels of the system, from Mach ports to file system permissions and mandatory
`access control.
`
`The BSD portions of macOS provide fundamental services, including a user and group identification scheme, file system security
`policies based on users and groups, and network security policies.
`
`The Mach portions of the macOS kernel provide fundamental services, including memory management, process management,
`thread management, hardware abstraction (with the help of the I/O Kit), and Mach port-based communication. Mach enforces
`access by controlling which tasks can send a message to a given Mach port, where a Mach port represents a task or some other
`Mach resource.
`
` Understanding Permissions
`
`Prerequisites
`
`Before reading this document, you should be familiar with the concepts in
`
` and
`
`.
`
`See Also
`
`For more information on related technologies, consider the following documents:
`
`—Provides an overview of security concepts
`—Describes the cryptographic features of macOS and iOS
`—Describes how to write authorization services plug-ins for adding authentication schemes
`—Explains how to write code that is robust against security holes
`
`Copyright © 2003, 2013 Apple Inc. All Rights Reserved. Terms of Use | Privacy Policy | Updated: 2013-01-28
`
`https://developer.apple.com/library/archive/documentation/Security/Conceptual/AuthenticationAndAuthorizationGuide/Introduction/Introduction.h… 2/2
`
`Apple v. Maxell
`IPR2020-00202
`Maxell Ex. 2026
`
`Page 2 of 2
`
`Relevant Chapter:
`Note:
`Running At Login
`Relevant Chapter:
`Security Overview
`Secure Coding Guide
`Security Overview
`Cryptographic Services Guide
`Running At Login
`Secure Coding Guide
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
