A subsystem, within a security system, designed to perform authorization. Inputs include the user's security token (containing their identity and rights) and a configuration that holds the list of protected resources and what user identities or rights may access them.
