Monday, May 21, 2007

Authorization is the next battleground

James McGovern blogged about authorization a few days ago. His view is spot on with what I have been thinking. Enough already with authentication. Let's move on to the hard stuff like "provisional authorization" that James describes.

There's an elephant in the room out there, folks, and it's called authorization...

p.s. Gerry Gebel over at the Burton Group has a good blog entry on this topic.

1 comment:

Dave Kearns said...

We concentrate on authentication because that's the "feeder document". If the authentication gets it wrong then no amount of authorization control will matter. And young James' prattling about "provisional authorization" overlooks lots of work on what I've called "contextual authorization" - authorization based on the context of the authentication. See for example.