What follows is the initial post and a summary of comments \[TBD\] of a [thread|^lateNightThoughtsAuthZ.pdf] on MACE-Paccman and REFEDS about authorization in federated environments.
To paraphrase Roland Hedberg, it is high time to seriously address authorization as we work on our (inter-)federation identity and access management (IAM) infrastructures. Two patterns are commonly found today, depending on whether the locus of authorization evaluation is at the IdP or RP, and I would argue that there is a third alternative that is worthy of consideration.
...