Authorization and roles
Key-based authentication lets us securely associate a connection with a specific peer within an infrastructure. Very often it is enough to make sure that only authenticated systems can communicate. There are also cases where we need to allow or disallow certain operations based on which remote peer issued the command. The process of verifying whether a peer is allowed to issue a certain command is called authorization, as mentioned earlier in the chapter.
Very often we associate one or more roles with particular users or systems in the infrastructure. For example, IT administrators need to perform different operations from regular users of a system, and both differ from the operations performed by an automated backup system.
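As an added example (not the book's own code), a minimal role-based authorization check in Python: a peer is identified by the fingerprint of the key it authenticated with, roles group the commands a peer may issue, and anything not explicitly granted is denied. All fingerprints, role names and commands below are constructed sample values.

```python
"""Role-based authorization of commands issued by key-authenticated peers.

Added example: the authentication layer has already established which
key a peer holds; this module answers the separate question of whether
that peer may issue a given command. Every value here is constructed.
"""
from dataclasses import dataclass

# Commands each role may issue (constructed sample policy).
ROLE_PERMISSIONS = {
    "user": {"status", "list_files", "download"},
    "backup": {"list_files", "download", "snapshot"},
    "admin": {"status", "list_files", "download", "snapshot",
              "add_user", "restart"},
}

# Key fingerprint -> roles held by that peer (constructed values).
PEER_ROLES = {
    "SHA256:alice-workstation-key": {"user"},
    "SHA256:backup-host-key": {"backup"},
    "SHA256:ops-admin-key": {"user", "admin"},
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str                       # suitable for an audit log line
    granting_roles: frozenset = frozenset()


def authorize(fingerprint: str, command: str) -> Decision:
    """Deny by default: an unknown peer, an unknown command, or a set of
    roles that does not include the command all yield a denial whose
    reason explains why, so denials can be logged and alerted on."""
    roles = PEER_ROLES.get(fingerprint)
    if not roles:
        return Decision(False, "unknown peer")
    granting = frozenset(
        r for r in roles if command in ROLE_PERMISSIONS.get(r, set())
    )
    if not granting:
        return Decision(False, f"no role grants '{command}'")
    return Decision(True, f"granted by {sorted(granting)}", granting)


if __name__ == "__main__":
    for fp, cmd in [("SHA256:backup-host-key", "snapshot"),
                    ("SHA256:backup-host-key", "restart"),
                    ("SHA256:unknown-key", "status")]:
        d = authorize(fp, cmd)
        print(f"{fp} {cmd}: {'ALLOW' if d.allowed else 'DENY'} ({d.reason})")
```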
Defining what each user or application in the system is allowed to do can also be very time consuming. If our application offers a large number of features and supports hundreds of users or systems, it is a tedious...