First – Simply Stated – Authorization is hard – This post is intended to help break it down into several easier-to-understand concepts:
High Level Definition; Policies; Business Logic in Authorization; Requirements; Authentication Status Requirement; Identity Type Membership Requirement; Resource Ownership / Association Requirement; Permission Assignment Requirement; General Permission Assignments; Resource Access Control List (ACL) Assignments; Assignments by Grouping Constructs; Role-Based Access Control (RBAC); Other Grouping
Continue reading “Breaking Down Fine-Grained Authorization”
Category Archives: Uncategorized
What is a Microservice?
A microservice is an encapsulation of closely related functional capabilities within a domain set which should be available, secured, persisted, mutated, and maintained autonomously and atomically. As I see it, microservices are the evolution of service-oriented architecture (SOA) and domain-driven design (DDD) concepts.
Autonomous: To be autonomous means that a microservice requires no
Continue reading “What is a Microservice?”
Using ClaimsTransformation with JWT Tokens in .NET Core API Authentication
Using OAuth 2.0 introduces API trust in JWT bearer tokens. The presumption is that this token will contain all of the identity, role, permission, and policy related claim data required by your API. These presumptions come with some significant impacts: You have centralized the claim provisioning to your identity provider. Either that god service a)
Continue reading “Using ClaimsTransformation with JWT Tokens in .NET Core API Authentication”
