Jump To:
Leopard Reference Library: Security
Authorization grants an entity--such as a user or process--permission to make use of a particular service and determines exactly what the entity is permitted to do with that service. For example, Authorization Services is used to determine whether a specific user should be allowed to change a system preference. Developers can use authorization programming interfaces to control access to services provided by their applications. Both Objective-C and procedural C interfaces are provided.

Document Descriptions
On Off
Display

Sorted by
Title
Sort by
Resource Type
Sort by
Date
Apple Certificate Library Functional Specification (PDF)
Specifications for Apple's implementation of the Certificate Library CDSA plug-in.
Reference 2005-01-13
Apple Trust Policy Module Functional Specification (PDF)
Specification for Apple's implementation of the Trust Policy (TP) CDSA plug-in.
Reference 2005-01-25
AuthForAll (HTML) (DMG) (ZIP)
Shows how to use Authorization Services to create a self-restricted application.
Sample Code 2005-10-26
Authorization for Everyone (HTML)
TN2095: Describes applications of Authorization Services beyond simple privilege requesting.
Technical Notes 2008-01-30
Authorization Plug-in Reference (HTML) (PDF)
Describes the C API for implementing an authorization plug-in.
Reference 2007-05-15
Authorization Services C Reference (HTML) (PDF)
Describes the C API for adding fine-grained control of privileged operations in an application.
Reference 2005-11-08
Authorization Services Programming Guide (HTML) (PDF)
Explains how to add fine-grained control of privileged operations in an application.
Guides 2009-01-06
AuthorizationCreateFromExternalForm 100022 Error Explained (HTML)
QA1498: Explains the undocumented 100022 return value from AuthorizationCreateFromExternalForm.
Technical Q&As 2007-01-04
Be careful when using AuthorizationCreate (HTML) (日本語 HTML)
QA1172: Explains why you should avoid determining allowable rights when creating an AuthorizationRef.
Technical Q&As 2002-09-20
BetterAuthorizationSample (HTML) (DMG) (ZIP)
Shows the recommended way to access privileged functionality from a non-privileged application on Mac OS X.
Sample Code 2007-11-27
Certificate, Key, and Trust Services Programming Guide (HTML) (PDF)
Shows how to evaluate trust for a certificate and recover from a trust failure.
Guides 2008-11-19
Certificate, Key, and Trust Services Reference (HTML) (PDF)
Describes services to read and evaluate certificates and to use cryptographic keys.
Reference 2008-11-19
Debugging An Authorization Plug-In With Xcode (HTML)
TN2108: A tutorial on how to use Xcode to debug an authorization plug-in.
Technical Notes 2008-09-08
Describing the kSecTrustResultUnspecified error. (HTML)
QA1360: Explaining the semantics behind the kSecTrustResultUnspecified error returned by the Security APIs.
Technical Q&As 2007-02-05
IdentitySample (HTML) (DMG) (ZIP)
IdentitySample builds a utility which demonstrates how to use the CoreServices Identity API to manage system-wide identities
Sample Code 2006-07-27
KauthORama (HTML) (DMG) (ZIP)
Prints each Kauth request, illustrating how Kauth interacts with high-level operations, like copying files.
Sample Code 2007-04-30
Kernel Authorization (HTML)
TN2127: Describes the kernel authorization (kauth) subsystem and its associated KPI.
Technical Notes 2007-01-16
MoreIsBetter (HTML) (DMG) (ZIP)
Library providing indispensable wrapers and workarounds for many areas of Mac OS programming.
Sample Code 2003-10-27
NameAndPassword (HTML) (DMG) (ZIP)
NameAndPassword is a SFAuthorizationPluginView subclass example.
Sample Code 2006-07-28
NullAuthPlugin (HTML) (DMG) (ZIP)
Use this as a template for writing an authorization plugin, or as a tool to debug the authorization process.
Sample Code 2007-10-26
Programmatically Accessing and Manipulating Multiple Keychain Items (HTML)
QA1486: An explanation on what is and is not possible using the SecKeychain API to manipulate Keychain Items.
Technical Q&As 2006-10-03
QISA (HTML) (DMG) (ZIP)
Demonstrates the basics of writing an Internet setup assistant for traditional Mac OS and Mac OS X.
Sample Code 2003-05-15
Running At Login (HTML)
TN2228: Describes how to write code that's coordinated with the login process.
Technical Notes 2008-09-16
Security Credentials (HTML) (日本語 HTML)
QA1277: Discusses AuthorizationCopyRights and the relationship between Authorization Services, authorization sessions, Security Server, credentials, and the credentials cache.
Technical Q&As 2003-08-06
Security Foundation Framework Reference (HTML) (PDF)
Describes the Security Foundation framework for adding fine-grained control of privileged operations in an application.
Reference 2006-05-23
Security Interface Framework Reference (HTML) (PDF)
Describes the Objective-C API for creating views and dialogs relating to authorization, certificates, and keychains.
Reference 2006-07-14
SecurityInterface Data Types Reference (HTML) (PDF)
Describes the data types found in the Security Interface framework.
Reference 2006-05-23
SFAuthorization Class Reference (HTML) (PDF)
Describes the class used to restrict a user's access to particular features in a Mac OS X application or daemon.
Reference 2009-01-06
SFAuthorizationPluginView Class Reference (HTML) (PDF)
Describes the class an authorization plug-in uses to display a custom view within the Apple-supplied authorization views.
Reference 2006-07-14
SFAuthorizationView Class Reference (HTML) (PDF)
Describes the class that displays a lock icon that indicates a user interface has restricted access.
Reference 2006-05-23
Stay away from custom Authorization dialogs (HTML) (日本語 HTML)
QA1199: Explains why you shouldn't create a custom authorization dialog.
Technical Q&As 2002-09-20