Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3
Wiki Markup
{div:style=font-weight:bold;font-size:1.2em;}[Authorization Service Home]{div}

...

  • A principal can be a person, but it can also be a non-human entity such as an application.
  • Some references are not updatable through this service, since the "core" information should poke through from the service of record.
  • All authorizations are explicit.
  • All authorizations are positive.
  • Finding all permissions delegated by a principal is handled through a search operation.
    • Unlicensed user This may need to be restated. There's an expectation that you'll be able to determine the principal who granted the authorization, but since connections between authorizations aren't explicitly visible through the service (at the moment), you may not be able to directly distinguish a "grant" from a "delegate" operation.
  • Set up of roles, with associated permissions, etc. are handled in configuration.
  • Set up of role categories and qualifier types are handled in configuration.
  • Set up of qualifier hierarchies, including creation of "root" qualifier nodes, are handled in configuration.

...