• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Is it necessary to handle authorization?

 
rose deng
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Seems don't think authorization handle is necessary. Since both customer and travel agent can do same thing.

Thanks.
 
Deepak Pant
Ranch Hand
Posts: 446
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would agree. I was planning to mention this in my assumptions.
 
sankha subhra das
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
u can think abt role based single sign on as well


Thanks
Sankha Subhra das
SCEA
 
rose deng
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, shonkho:

Thanks for your reply.

Could you please tell me what do you mean by role based sign on?
 
Alastair Calderwood
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Rose,

Customer and travel agent don't quite do the same, as the travel agent can access any customer account, whereas customer can only access their own account. I think there would be an authorisation component to handle this.

I'm also going to state as an assumption that there is an administrator who adds new flights to the database (i.e. when the timetable is published)

Alastair
 
Joseph Zhou
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think the agents also need to be managed by admin too. I seems some kind of authorizatiion is required.
 
Deepak Pant
Ranch Hand
Posts: 446
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think this falls under the bucket of non-functional key architectural considerations. Since no specific reaquirements have been stated we can always state certain assumptions around this.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic