auth

Overview For a change, this is going to be mostly a conceptual post. This also sets ground for the subject in the next few security related post. Currently there are several options for user authentication but I feel that app authorization is lagging behind. Most people (devs, analysts and biz) usually just go with the default role-based authorization which is flawed in at least a couple ways. In this post I will expose a better approach....