Authorization has to happen close to the application because it’s in the critical path of every application request. But fine-grained security requires real-time access to user attributes and resource relationships.
Read full article on The New Stack