Authorization Intents
Designers can specify an authorization intent to require that services must authorize the consumer before processing a request.
In actual practice, authentication and authorization requirements often apply in tandem. Policies that satisfy client authentication intents often provide authorization information as a side effect.
Authorization intents usually apply at services. If you apply them to composites, services of the composite inherit them, as appropriate.
Qualifier | Description |
---|---|
none | Promoted services must
authorize consumers. Prior authentication must supply authorization information. |
Role
(default qualifier) |
Promoted services must authorize consumers
based on role information.
Prior authentication must supply authorization information. |