What is Authorization?

After a user has been authenticated, the next step is to enforce the permissions or entitlements that user has. Authorization is the real-time process that determines what you’re allowed to see and do within an application. It’s a key method for making sure access is appropriate, and it can be enforced in two general ways: by checking a user’s group membership or by checking the value of specific user attributes.

What are the challenges for Authorization in a distributed environment?

Authorization decisions, whether based on group membership or on attributes, depend on identity data. If this information is spread across a number of data sources (which may be accessed via different protocols, use different formats, and support different kinds of groups), or is insufficient to support changing requirements, it will be difficult to gather the necessary data for the authorization engine to make its decisions.
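The following added example (not part of the original page) shows both kinds of check running against two identity sources that use different keys and formats, and denies whenever the data needed for a check cannot be gathered. The sources, users, group names and function names are all constructed for illustration.

```python
# Constructed sample data: two identity sources with different keys and formats.
LDAP_DIRECTORY = {  # keyed by uid; groups stored as distinguished names
    "asmith": {"mail": "a.smith@example.com",
               "memberOf": ["CN=Finance-Approvers,OU=Groups,DC=example,DC=com"]},
    "bjones": {"mail": "b.jones@example.com", "memberOf": []},
}
HR_DATABASE = [  # rows keyed by e-mail; attributes stored as columns
    {"email": "A.Smith@example.com", "department": "Finance", "status": "active"},
    {"email": "c.lee@example.com", "department": "Finance", "status": "active"},
]

def groups_from_dns(dns):
    """Reduce LDAP group DNs to lower-case common names.
    Simplification: assumes no escaped commas inside the first RDN."""
    names = set()
    for dn in dns:
        key, _, value = dn.split(",", 1)[0].partition("=")
        if key.strip().lower() == "cn" and value:
            names.add(value.strip().lower())
    return names

def build_profile(uid):
    """Join both sources into one view; missing data stays None, never guessed."""
    entry = LDAP_DIRECTORY.get(uid)
    if entry is None:
        return {"uid": uid, "groups": None, "attributes": None}
    mail = entry["mail"].lower()  # the join key differs in case between sources
    row = next((r for r in HR_DATABASE if r["email"].lower() == mail), None)
    attrs = {k: v for k, v in row.items() if k != "email"} if row else None
    return {"uid": uid, "groups": groups_from_dns(entry["memberOf"]), "attributes": attrs}

def authorize(uid, required_group=None, required_attrs=None):
    """Return (allowed, reason). A check whose data is missing denies."""
    if required_group is None and not required_attrs:
        return False, "no policy"
    profile = build_profile(uid)
    if required_group is not None:
        if profile["groups"] is None:
            return False, "no directory entry"
        if required_group.lower() not in profile["groups"]:
            return False, "not in group " + required_group
    if required_attrs:
        if profile["attributes"] is None:
            return False, "no attribute record"
        for name, wanted in required_attrs.items():
            if profile["attributes"].get(name) != wanted:
                return False, "attribute mismatch: " + name
    return True, "ok"
```

The user `clee` exists in the HR table but has no directory entry to join on, so an attribute check for that user is denied rather than decided on partial data.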

