> specifies an authorization language where checks can be carried by the token
Why? Wouldn't a developer prefer to implement this inside its application logic anyway?
Edit: I think I figured it out myself: you're likely targeting the case where someone with a certain authorization wants to give someone else a weaker form of that authorization (attenuation).
Why? Wouldn't a developer prefer to implement this inside its application logic anyway?
Edit: I think I figured it out myself: you're likely targeting the case where someone with a certain authorization wants to give someone else a weaker form of that authorization (attenuation).