Conclusion
  • Realms are security domains with RealmOwners (except GENERAL)

  • Roles are logical groupings of Permissions determined by RealmRole

  • Permissions abstract access to Tasks

  • Actors play a Role within a Realm determined by RealmUser

  • General, User, and Club are RealmTypes

  • Authorization algorithm is complex but well-tested, so use it

Notes:

The concept of a realm is abstract, and it may take several readings of the code and this talk to assimilate it.

The authorization algorithm has many hooks. Care should be taken when plugging in new functions or overriding the default delegations.