Security Component SPIs
The core framework provides two SPIs that together define the security architecture:
- the Authenticator SPI allows for different authentication implementations to be used
- the Authorizor SPI allows for different authorization mechanisms to be used
By "authentication" we mean logging into the application using some credentials, typically a username and password. Authentication also means looking up the set of roles to which a user belongs.
And by "authorization" we mean permissions: granting roles access to features (domain object members) of the app, and assigning users to those roles.
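The split described above, as an added sketch that is not the framework's own code: the two interfaces are hypothetical simplifications (the real SPI signatures are not shown on this page), and the account, role and feature names are constructed sample data. Authentication verifies credentials and returns the user's roles; authorization decides, from those roles alone, whether a feature is permitted, denying anything not explicitly granted.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical, simplified interfaces: NOT the framework's actual SPI signatures.
interface Authenticator { Optional<Set<String>> authenticate(String user, char[] password); }
interface Authorizor { boolean isPermitted(Set<String> roles, String feature); }

public class SecuritySpiSketch {
    record Account(byte[] salt, byte[] hash, Set<String> roles) {}

    // Store a slow salted hash, never the password itself.
    static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(new PBEKeySpec(password, salt, 210_000, 256)).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: one user, one role, two granted features.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Map<String, Account> accounts = Map.of("alice",
                new Account(salt, pbkdf2("correct horse".toCharArray(), salt), Set.of("order-clerk")));
        Map<String, Set<String>> grants =
                Map.of("order-clerk", Set.of("Order#placedOn", "Order#submit"));

        // Authentication: check credentials (constant-time compare), then return the roles.
        Authenticator authenticator = (user, password) -> {
            Account a = accounts.get(user);
            if (a == null || !MessageDigest.isEqual(a.hash(), pbkdf2(password, a.salt())))
                return Optional.empty();
            return Optional.of(a.roles());
        };
        // Authorization: a feature is permitted only if some role explicitly grants it.
        Authorizor authorizor = (roles, feature) ->
                roles.stream().anyMatch(r -> grants.getOrDefault(r, Set.of()).contains(feature));

        Set<String> aliceRoles =
                authenticator.authenticate("alice", "correct horse".toCharArray()).orElseThrow();
        System.out.println("Order#submit permitted: " + authorizor.isPermitted(aliceRoles, "Order#submit"));
        System.out.println("Order#cancel permitted: " + authorizor.isPermitted(aliceRoles, "Order#cancel"));
        System.out.println("wrong password accepted: "
                + authenticator.authenticate("alice", "wrong".toCharArray()).isPresent());
    }
}
```

Because the authorizor sees only roles and a feature identifier, either side can be swapped (for example, a different credential store) without touching the other.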