Software Fortresses: Modeling Enterprise Architectures by Janet Van Sickler, Roger Sessions

7.8. Authorization

Authorization refers to the ability to determine, not on the basis of the fortress making the request but on the basis of the information in the request itself, whether the request being made is allowable. As a simple example, imagine Bart the bad guy is sitting at a browser and asks that 1,000 dollars be removed from Alice's account. He knows Alice's account number but not her password. This request should be rejected. The reason for rejecting the request is not that Bart's browser is an untrusted source. Gwen, sitting in a presentation fortress, has no problem with Bart's browser. The request should be rejected because there is a problem with the data in the infogram.

Solving authorization problems generally requires deferring ...
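
The distinction drawn in the Bart and Alice scenario above, as an added example that is not from the book: the source check passes for a browser, yet the request is rejected on the data in the infogram. The names `Infogram` and `authorize_request`, the account number, the passwords and the balance are all constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample data: sources the receiving fortress accepts requests from.
ACCEPTED_SOURCES = {"browser"}

def _derive(password: str, salt: bytes) -> bytes:
    # Slow, salted derivation so the stored verifier resists offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _enroll(password: str):
    salt = os.urandom(16)
    return salt, _derive(password, salt)

# Constructed account store: account number -> (salt, verifier, balance).
ACCOUNTS = {"ACCT-1001": (*_enroll("alice-correct-horse"), 5000)}

@dataclass(frozen=True)
class Infogram:
    source: str      # where the request came from
    account: str     # data carried in the request
    password: str
    amount: int

def authorize_request(req: Infogram):
    """Return (allowed, reason); the two decisions are kept separate."""
    # Decision 1: is the source one this fortress accepts requests from?
    if req.source not in ACCEPTED_SOURCES:
        return False, "untrusted-source"
    # Decision 2 (authorization): does the data in the infogram justify it?
    record = ACCOUNTS.get(req.account)
    # Unknown accounts still pay for a derivation, so response time does
    # not reveal which account numbers exist.
    salt, verifier = (record[0], record[1]) if record else (b"\0" * 16, b"")
    supplied = _derive(req.password, salt)
    if record is None or not hmac.compare_digest(supplied, verifier):
        return False, "not-authorized"
    if not 0 < req.amount <= record[2]:
        return False, "invalid-amount"
    return True, "ok"

if __name__ == "__main__":
    bart = Infogram("browser", "ACCT-1001", "guess123", 1000)
    alice = Infogram("browser", "ACCT-1001", "alice-correct-horse", 1000)
    print(authorize_request(bart), authorize_request(alice))
```

Logging the reason code separately from the allow/deny result lets a reviewer tell source rejections apart from rejections caused by the request's own data.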