Versions Compared

Old Version 11

changes.mady.by.user Sanjay Dalal (Unlicensed)

Saved on

compared with

New Version Current

changes.mady.by.user Sanjay Dalal (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Div
stylefont-weight:bold;font-size:1.2em;
Authorization Service Home

Description

Excerpt

The Authorization Service manages the maintenance, auditing, and checking of authorizations.

The authorization will support process based security (e.g. ability to force add a student to a restricted section) and value based security (e.g. access to students in the Bachelor of Arts program) for individual principals and groups of principals. Access may be granted for specific periods of time.

...

  • A principal can be a person, but it can also be a non-human entity such as an application.
  • Some references are not updatable through this service, since the "core" information should poke through from the service of record.
  • All authorizations are explicit.
  • All authorizations are positive.
  • Finding all permissions delegated by a principal is handled through a search operation.
    • ~abucior Unlicensed user This may need to be restated. There's an expectation that you'll be able to determine the principal who granted the authorization, but since connections between authorizations aren't explicitly visible through the service (at the moment), you may not be able to directly distinguish a "grant" from a "delegate" operation.
  • Set up of roles, with associated permissions, etc. are handled in configuration.
  • Set up of role categories and qualifier types are handled in configuration.
  • Set up of qualifier hierarchies, including creation of "root" qualifier nodes, are handled in configuration.

...