Pages tagged authorization:

It’s Me, and Here’s My Proof: Why Identity and Authentication Must Remain Distinct

public / private data with logging on
Overview of the security principles identity, authentication and authorization.
Ver clear description of the problem. Identity - "who are you?" - public assertion - locally unique. Authentication - "how can you prove it?" - secret response - non-unique. So biometrics are identity, not authentication.
How to Add Simple Permissions into Your Simple App. Also, Thoughtbot Rules! // RailsTips by John Nunemaker
I didn't realize the automatic boolean attributes part.
how to use mixins in Rails, with loads of useful stuff about testing at the end
Shoulda examples