Authorization or Authority
A minimal statement.
Abstract
This paper presents a minimal structural formulation of authorization and its relationship to authority in systems where actions occur.
Authorization is defined as the condition that permits an action, and is distinguished between explicit and implicit forms. Explicit authorization is attributable, contemporaneous, bounded, and revocable. Implicit authorization arises whenever permission is derived from persistence, system state, prior events, or process outputs rather than from contemporaneous authorization.
The central invariant established is that when actions occur without contemporaneous authorization from their origin, permission has been retained by the system. Retained permission constitutes implicit authorization, which accumulates over time. This accumulation is defined as authority.
The result is a binary classification of systems: those that require explicit authorization for every action, and those in which authority emerges.