Authorization policy defines the method of authorization.
An authorization policy is a connector that gets the parameters from the request and maps to a specified service for authorization. In other words, it executes an already defined service for authorization (authorization service) and use some of the request parameters for input.
Authorization Policy Identifier
An interface or a service can use a defined authorization policy for usage restriction.
Authorization policy should have a unique name so that it can be referenced from an interface or service definition.
Parameter mapping keeps the information of which request parameter is used for input of authorization service.
There are three kinds of authorization policies:
Executable Authorization Policy
This policy use an executable service for authorization.