Leave a comment There are some materials on the Web concerning the fact that role-based authentication is probably not the best option while implementing system security infrastructure. I find this blog post quite exhaustive: http://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks/. So basically you need a component which determines whether user X is authorized to perform action Y. But that is the simplest case scenario. Probably, in practice you n...