In the world of connected Web services, security is a central issue. However, transaction handling, reliable messaging, and performance are other issues that present significant challenges. All of these issues are helped by addressing the need for fine-grained, dynamic authorization. In this article, I show you how to engineer an approach for the declarative specification of authorization requirements for individual service endpoints. I deliberately use the verb "engineer" as opposed to craft or program because my focus here is on building a solid solution from ready-made parts of the platform and tools available.
|
