5. Best Practice 3
• Understand the difference between coarse-grained and fine-grained authorization
6. Best Practice 4
• Design for coarse-grained authorization, but keep the design flexible for fine-grained authorization
7. Best Practice 5
• Know the difference between Access Control Lists (ACLs) and access control standards
– ACLs are proprietary
– Standards include OASIS XACML and IETF OAuth2
8. Best Practice 6
• Adopt rule-based access control: view access control as rules and attributes
9. Best Practice 7
• Adopt a REST-style architecture when your situation demands scale, and hence adopt REST authorization standards
10. Best Practice 8
• Understand the difference between the Enforcement and Entitlements models
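The following is an added example, not part of the slides, that ties together Best Practices 3, 6 and 8. It models access control as rules over subject and resource attributes (loosely in the spirit of XACML's permit/deny rule effects and deny-overrides combining, but it is not XACML). A role-only check stands in for coarse-grained authorization, attribute rules add the fine-grained layer, and the same rule set is then used two ways: in enforcement mode (decide one request as it arrives) and in entitlements mode (enumerate ahead of time what a subject may do). All roles, departments, clearance levels and chart records are constructed sample data.

```python
"""Coarse- vs fine-grained authorization as rules over attributes, and the
same rules used for enforcement (per-request) and entitlements (enumerated).
Added illustration; all sample data below is constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Request:
    subject: Dict        # attributes of the caller (role, department, clearance)
    action: str          # what the caller wants to do
    resource: Dict       # attributes of the thing being accessed


Condition = Callable[[Request], bool]


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str          # "permit" or "deny"
    condition: Condition


# Coarse-grained layer: which actions a role may ever perform, regardless of
# the particular resource. This is all a pure role check can express.
ROLE_ACTIONS = {
    "doctor": {"read", "write"},
    "nurse": {"read"},
    "auditor": {"read"},
}


def coarse_grained(req: Request) -> bool:
    """Role-only decision: does the subject's role permit this action at all?"""
    return req.action in ROLE_ACTIONS.get(req.subject.get("role"), set())


# Fine-grained layer: rules that look at attributes of both sides. Adding a
# constraint later is a new Rule, not a change to the enforcement code.
FINE_GRAINED_RULES: List[Rule] = [
    Rule("deny-cross-department", "deny",
         lambda r: r.subject.get("role") != "auditor"
         and r.subject.get("department") != r.resource.get("department")),
    Rule("deny-sensitive-without-clearance", "deny",
         lambda r: r.resource.get("sensitivity") == "high"
         and r.subject.get("clearance", 0) < 2),
    # The coarse-grained role check is itself just one permit rule here.
    Rule("permit-if-role-allows", "permit", coarse_grained),
]


def decide(req: Request, rules: List[Rule] = FINE_GRAINED_RULES) -> Tuple[str, str]:
    """Enforcement model: evaluate at request time. Deny-overrides combining,
    default deny. Returns (decision, name of the rule that produced it)."""
    for rule in rules:
        if rule.effect == "deny" and rule.condition(req):
            return "deny", rule.name
    for rule in rules:
        if rule.effect == "permit" and rule.condition(req):
            return "permit", rule.name
    return "deny", "default-deny"


def entitlements(subject: Dict, resources: List[Dict],
                 actions: Tuple[str, ...] = ("read", "write"),
                 rules: List[Rule] = FINE_GRAINED_RULES) -> List[Tuple[str, str]]:
    """Entitlements model: run the same rules over the known resources up front
    and hand back the (resource id, action) pairs this subject is allowed.
    Note the trade-off: the result goes stale when attributes change."""
    return sorted(
        (res["id"], act)
        for res in resources
        for act in actions
        if decide(Request(subject, act, res), rules)[0] == "permit"
    )


# Constructed sample data.
RESOURCES = [
    {"id": "chart-1", "department": "cardiology", "sensitivity": "normal"},
    {"id": "chart-2", "department": "cardiology", "sensitivity": "high"},
    {"id": "chart-3", "department": "oncology", "sensitivity": "normal"},
]
NURSE = {"role": "nurse", "department": "cardiology", "clearance": 1}
DOCTOR = {"role": "doctor", "department": "cardiology", "clearance": 2}
AUDITOR = {"role": "auditor", "department": "compliance", "clearance": 2}


if __name__ == "__main__":
    # Coarse-grained says "nurses can read"; fine-grained still denies a
    # nurse reading another department's chart.
    cross_dept = Request(NURSE, "read", RESOURCES[2])
    print("coarse:", coarse_grained(cross_dept), "fine:", decide(cross_dept))
    for who, subj in (("nurse", NURSE), ("doctor", DOCTOR), ("auditor", AUDITOR)):
        print(who, "entitlements:", entitlements(subj, RESOURCES))
```

The enforcement path (`decide`) is what a policy enforcement point calls per request; the entitlements path reuses the identical rules to answer "what can this user see?" for a UI or a provisioning job. Keeping the rules as data is what makes Best Practice 4's "flexible for fine-grained" achievable: the coarse role check is one permit rule among others, and tightening the policy never touches the evaluator.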