CDNWiki - View Source: RobertButler/Authorization

!!! [HMAC Authentication|RobertButler/Authentication]
!!! [HMAC Authorization|RobertButler/Authorization]

* ACL-type
* Groupings possible (which inherit groups of ACLs)
** Groups are users with one level of indirection.
* Permissions based
** Expensive permissions checks are done once, when asking for permission
** Permissions only requested when needed for the session
*** Saves processing time for simple one-time actions
** Once permission is granted, token is 'upgraded' to include the requested permission
** Frequent permissions checks check only the token, not the ACL table.