Summary

Designing authorization rules within an Authorization OSID Provider can provide visibility into who has access to what and simplify base service implementations. Working from the authorization evaluation perspective can solve a difficult puzzle that challenges experienced architects. This is a case study of a project that tackles this problem. Authorization designs are some of the most difficult puzzles to solve in an enterprise system. Sprinkling authorization data into various services to surface what appears to be simple data can be inflexible and obtuse.

The Student System Project

...

These iterations make an assumption that is part of the original functional requirement basing authorizations on organizations: that authorizations are completely derived from job positions and the organizational hierarchy. If this is the case, then granting a person access to, or removing a person from, this authorization requires either changing their job appointments or using the Authorization OSID or the Resource OSID directly.

...