Definition: authorization is the process of determining a person’s memberships in order to determine what permissions, resources and entitlements are appropriate for her.
IAM provides the UH Groupings authorization service. Authorization services are generally used to determine what permissions, entitlements or resources a person may access and are generally represented by memberships (e.g. “is member” logic is used by the application to determine permissions).
Externalizing application authorization is an important step forward in application maturation. Memberships are an abstract that can be reused across multiple applications and subjected to additional business logic such as automated deprovisioning and comprehensive permissions auditing and reporting.
Developer resources, further reading: