Representing Authorization Model
I read xacml [James McGovern] entry around representing the authorization model. He has raised a great point on how to translate the authorization use-case narratives in to a simple representations. So far based on the various conversations around the authorization models, I have not been able to find a way to represent the complete authorization model as a diagram. The simple reason being that at the core of the authorization model are business rule and it is tough to represent them as diagram. Let me elaborate on that. Basically, when you start looking at the authorization use-cases, at a very high level the following components typically form the part of the authorization data model Users and their organization into groups, roles, client organization, etc Resources and their organization into hierarchy, groups, etc Actions and probably some form of their organization Attributes of the user, resources (and may be actions), environment that help perform fine ...