Authorization Open Service Interface Definition
The Authorization Open Service Interface Definition (OSID) is an O.K.I. specification which provides the means to define who is authorized to do what, when. OSIDs are programmatic interfaces which comprise a Service Oriented Architecture for designing and building reusable and interoperable software.
Authorizations associate Agents, which represent the user or another actor in the system, with Functions and Qualifiers. One can think of Authorization in terms of a grammar where an Agent is a noun, Functions are operations or verbs, and Qualifiers are objects of the operation. An authorization can then be read as a sentence.
For example, Jeff (an Agent) can write checks (a Function) on the Department account (a Qualifier). Since a system may have many Qualifiers they might be represented using a Hierarchy. For example, the Software Engineering Department account (a Qualifier) can have sub-accounts for Web Development (another Qualifier) and Database Development (a third Qualifier). If Jeff (our Agent) is explicitly authorized to write checks (the Function) on the Software Engineering account (the explicitly stated Qualifier), he is implicitly authorized to write checks on the Web and Database Development accounts.
An Agent in the Authorization OSID is represented using a unique identifier which can be examined via the Agent OSID.
References