(See my previous post for a broad-brush, ruthless condensation of the JACC specification.)

One thing I found while going through the specification and writing a JACC implementation is that most of the effort involved has to do with Policy delegation. I've run into this in the past, too, in a non-JACC scenario. Briefly: in any non-trivial authorization system, you're going to ultimately have to combine the results from various Policy implementations in some kind of chained delegation model.

As I said, I've had to write such a thing several times now, which means it's time to abstract it out. :-) Watch this space for a general-purpose Policy delegation and combining framework.