This document discusses lasagna and why it is better than spaghetti. It begins with a brief history of pasta, noting how lasagna kicked spaghetti out. It then suggests that code can feel like spaghetti and introduces the idea of using attributes and policies to control access in a more organized way, similar to the layers in lasagna. Finally, it promotes putting authorization at different layers in applications, similar to the layers in baking lasagna.
29. Summary
| Acronym | Name | Description |
|---|---|---|
| EAM | eXternalized Authorization Management | The act of cleanly separating business logic from authorization logic and maintaining each one independently |
| ABAC | Attribute-based access control | An authorization model whereby parameters about the user, resource, action, and environment can be used to determine access |
| PBAC | Policy-based access control | An authorization model which uses attributes combined together inside policies to define granted or denied access |
| XACML | eXtensible Access Control Markup Language | The standard implementation of ABAC and PBAC – done by OASIS. |