摘要 |
In certain example embodiments, an extensible and/or distributed security system is provided. In certain example embodiments the security system provides authorization to a resource of a first application. In the first application, a security context is created and a client is authenticated to the first application. A request is accepted in the first application to access at least on resource. The first application communicates with an authorization application to determine authorization to the at least one resource. In the authorization application, an authorization process is executed which communicates with another application that defines a step of the authorization process for this resource. Based on that step, it is determined whether the first application allows access to the at least one resource for the client. |