Federated Authorization and Relationship
The post from James McGovern [duckdown.blogspot.com] on federated authorization resulted in response from Pat Patterson [blogs.sun.com] and Paul Madsen [connectid.blogspot.com]. First of all I would like to really thank Paul for providing the link to one of the best docs on entitlements that is out there i.e. Conceptual Grid Authorization Framework and Classification [gridforum.org]. It should be a required reading for all the people who enter in to this domain. But at the same time, I am disappointed that Paul missed another approach mentioned in the document ( or may be I am missing something). Pat rightly identified the 2 typical models that can be implemented and Paul extended it by coming up with all the permutation and combinations using various components. But all the model discussed look to be various permutation of just one model i.e. Authorization Pull Model where the resource is resposible to connect to the Decision Point to get the result. I think a hybrid of the "Aut