authorization

We all know that it is possible to use the feature known as 'Username tokens' in Apache Rampart/C to "Authenticate" a user. This feature can be used to verify if a user has access to a given system or not. Security requirements of a service does not end there. A system cannot grant carte blanche access blindly to its users. It needs to be more specific on credentials. For example, both Alice and Bob are in the system but only Alice can access my personal details.