User authentication has long been delegated to specialized components in an IT environment. However, user authorization for accessing a resource is still generally managed by the same application managing resources because the authorization process very much depends on the business logic and on the details of the resources managed by the application. As the complexity of applications increases, these applications should take into account an increasing number of users and classes of users, each having very different needs with respect to the application. Hence the user interface, the functionality, and the business data available to a particular user depend on a lot of factors.