Jump To:
Leopard Reference Library: Security
Authorization grants an entity--such as a user or process--permission to make use of a particular service and determines exactly what the entity is permitted to do with that service. For example, Authorization Services is used to determine whether a specific user should be allowed to change a system preference. Developers can use authorization programming interfaces to control access to services provided by their applications. Both Objective-C and procedural C interfaces are provided.

Document Descriptions
On Off
Display

Sort by
Title
Sort by
Resource Type
Sorted by
Date
Authorization Services Programming Guide (HTML) (PDF)
Explains how to add fine-grained control of privileged operations in an application.
Guides 2009-01-06
SFAuthorization Class Reference (HTML) (PDF)
Describes the class used to restrict a user's access to particular features in a Mac OS X application or daemon.
Reference 2009-01-06
Certificate, Key, and Trust Services Programming Guide (HTML) (PDF)
Shows how to evaluate trust for a certificate and recover from a trust failure.
Guides 2008-11-19
Certificate, Key, and Trust Services Reference (HTML) (PDF)
Describes services to read and evaluate certificates and to use cryptographic keys.
Reference 2008-11-19
Running At Login (HTML)
TN2228: Describes how to write code that's coordinated with the login process.
Technical Notes 2008-09-16
Debugging An Authorization Plug-In With Xcode (HTML)
TN2108: A tutorial on how to use Xcode to debug an authorization plug-in.
Technical Notes 2008-09-08
Authorization for Everyone (HTML)
TN2095: Describes applications of Authorization Services beyond simple privilege requesting.
Technical Notes 2008-01-30
BetterAuthorizationSample (HTML) (DMG) (ZIP)
Shows the recommended way to access privileged functionality from a non-privileged application on Mac OS X.
Sample Code 2007-11-27
NullAuthPlugin (HTML) (DMG) (ZIP)
Use this as a template for writing an authorization plugin, or as a tool to debug the authorization process.
Sample Code 2007-10-26
Authorization Plug-in Reference (HTML) (PDF)
Describes the C API for implementing an authorization plug-in.
Reference 2007-05-15
KauthORama (HTML) (DMG) (ZIP)
Prints each Kauth request, illustrating how Kauth interacts with high-level operations, like copying files.
Sample Code 2007-04-30
Describing the kSecTrustResultUnspecified error. (HTML)
QA1360: Explaining the semantics behind the kSecTrustResultUnspecified error returned by the Security APIs.
Technical Q&As 2007-02-05
Kernel Authorization (HTML)
TN2127: Describes the kernel authorization (kauth) subsystem and its associated KPI.
Technical Notes 2007-01-16
AuthorizationCreateFromExternalForm 100022 Error Explained (HTML)
QA1498: Explains the undocumented 100022 return value from AuthorizationCreateFromExternalForm.
Technical Q&As 2007-01-04
Programmatically Accessing and Manipulating Multiple Keychain Items (HTML)
QA1486: An explanation on what is and is not possible using the SecKeychain API to manipulate Keychain Items.
Technical Q&As 2006-10-03
NameAndPassword (HTML) (DMG) (ZIP)
NameAndPassword is a SFAuthorizationPluginView subclass example.
Sample Code 2006-07-28
IdentitySample (HTML) (DMG) (ZIP)
IdentitySample builds a utility which demonstrates how to use the CoreServices Identity API to manage system-wide identities
Sample Code 2006-07-27
Security Interface Framework Reference (HTML) (PDF)
Describes the Objective-C API for creating views and dialogs relating to authorization, certificates, and keychains.
Reference 2006-07-14
SFAuthorizationPluginView Class Reference (HTML) (PDF)
Describes the class an authorization plug-in uses to display a custom view within the Apple-supplied authorization views.
Reference 2006-07-14
Security Foundation Framework Reference (HTML) (PDF)
Describes the Security Foundation framework for adding fine-grained control of privileged operations in an application.
Reference 2006-05-23
SecurityInterface Data Types Reference (HTML) (PDF)
Describes the data types found in the Security Interface framework.
Reference 2006-05-23
SFAuthorizationView Class Reference (HTML) (PDF)
Describes the class that displays a lock icon that indicates a user interface has restricted access.
Reference 2006-05-23
Authorization Services C Reference (HTML) (PDF)
Describes the C API for adding fine-grained control of privileged operations in an application.
Reference 2005-11-08
AuthForAll (HTML) (DMG) (ZIP)
Shows how to use Authorization Services to create a self-restricted application.
Sample Code 2005-10-26
Apple Trust Policy Module Functional Specification (PDF)
Specification for Apple's implementation of the Trust Policy (TP) CDSA plug-in.
Reference 2005-01-25
Apple Certificate Library Functional Specification (PDF)
Specifications for Apple's implementation of the Certificate Library CDSA plug-in.
Reference 2005-01-13
MoreIsBetter (HTML) (DMG) (ZIP)
Library providing indispensable wrapers and workarounds for many areas of Mac OS programming.
Sample Code 2003-10-27
Security Credentials (HTML) (日本語 HTML)
QA1277: Discusses AuthorizationCopyRights and the relationship between Authorization Services, authorization sessions, Security Server, credentials, and the credentials cache.
Technical Q&As 2003-08-06
QISA (HTML) (DMG) (ZIP)
Demonstrates the basics of writing an Internet setup assistant for traditional Mac OS and Mac OS X.
Sample Code 2003-05-15
Be careful when using AuthorizationCreate (HTML) (日本語 HTML)
QA1172: Explains why you should avoid determining allowable rights when creating an AuthorizationRef.
Technical Q&As 2002-09-20
Stay away from custom Authorization dialogs (HTML) (日本語 HTML)
QA1199: Explains why you shouldn't create a custom authorization dialog.
Technical Q&As 2002-09-20