An essential non-functional requirement of any system is security. Different categories of users are allowed to perform different functions, and these requirements are satisfied by the two-pronged approach of authentication and authorisation. Authentication is pretty well covered by existing frameworks while authorisation is feasible but less elegant. How can this be improved? First, a quick …

Continue reading »