IntroductionAuthorization is a critical component of every business application. If the authorization system is down, the application is down, so it must run at very high availability. It also needs to evaluate every decision correctly or risk elevation of privilege or information disclosure vulnerabilities. Finally, it has to run at very low latencies, because authorization is in the critical path of every application request.Identity and access management (IAM) has long been considered a “work...