Monday, December 17, 2012

Going beyond simple authorization - taking context into account

Patrice Goutin from Oracle has written a useful guide to taking context into account for authorization decisions made with Oracle Enterprise Gateway (OEG) and Oracle Entitlements Server (OES). He uses the example of an art gallery which takes each employee's experience into account when allowing them to handle certain paintings. This goes beyond a simple authorization rule ("this employee can do this, this other employee can do that") or even Role-Based Access Control (where you'd have to assign employees to roles). Context is important. Other examples of contextual decisions, which you can also implement using OEG and OES, include controlling access to services based on where a client connects from, or what device they are using.
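To make the gallery scenario concrete, here is an added illustration (my own code, not from Goutin's guide and not OES policy syntax) of an attribute-based decision that layers the employee's experience, the painting's attributes and the request context on top of a plain role check; the attribute keys, rule names and deny-overrides combining logic are assumptions.

```python
# Hypothetical attribute-based policy evaluator for the gallery scenario.
# Attribute keys, rule wording and the deny-overrides combining logic are
# assumptions made for this illustration; they are not OES policy syntax.
from dataclasses import dataclass


@dataclass
class Request:
    subject: dict    # who is asking, e.g. role and years of experience
    resource: dict   # what they want to touch, e.g. a painting's attributes
    action: str      # e.g. "view", "handle" or "move"
    context: dict    # where/how the request arrives: network, device


# Plain RBAC part: which roles may perform which actions at all.
ROLE_PERMISSIONS = {
    "curator": {"view", "handle", "move"},
    "assistant": {"view", "handle"},
    "visitor": {"view"},
}

# Contextual rules layered on top of the role check. Every rule must hold
# (deny-overrides); the names of failing rules are returned for auditing.
# Physical actions (anything but "view") are the ones that need context.
RULES = [
    ("role permits action",
     lambda r: r.action in ROLE_PERMISSIONS.get(r.subject.get("role"), set())),
    ("experience meets painting minimum",
     lambda r: r.action == "view"
     or r.subject.get("years_experience", 0) >= r.resource.get("min_experience", 0)),
    ("request comes from the gallery network",
     lambda r: r.action == "view" or r.context.get("network") == "internal"),
    ("high-value paintings only from managed devices",
     lambda r: r.action == "view" or r.resource.get("value_eur", 0) < 1_000_000
     or r.context.get("device") == "managed"),
]


def decide(req: Request) -> tuple[str, list[str]]:
    """Return ("Permit", []) or ("Deny", [names of the rules that failed])."""
    failed = [name for name, holds in RULES if not holds(req)]
    return ("Permit", []) if not failed else ("Deny", failed)


if __name__ == "__main__":
    # Constructed sample data: one painting, two employees, two contexts.
    monet = {"type": "painting", "value_eur": 3_000_000, "min_experience": 5}
    senior = {"id": "alice", "role": "curator", "years_experience": 7}
    junior = {"id": "bob", "role": "assistant", "years_experience": 1}
    office = {"network": "internal", "device": "managed"}
    cafe = {"network": "external", "device": "byod"}
    for who, ctx in ((senior, office), (junior, office), (senior, cafe)):
        print(who["id"], decide(Request(who, monet, "handle", ctx)))
```

Note that Bob's role does allow "handle"; it is the experience attribute, not the role, that denies him, which is exactly the distinction a role-only model cannot express.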