Authorization policy defines the method of authorization.

An authorization policy is a connector that gets the parameters from the request and maps to a specified service for authorization. In other words, it executes an already defined service for authorization and use some of the request parameters for input.

Authorization Policy Identifier

An interface or a service can use a defined authorization policy for usage restriction.

It should have a unique name so that it can be referenced from an interface or service definition.

Parameter Mapping

There are three kinds of authorization policies:

Executable Authorization Policy

This policy use an executable service for authorization.