After a user has been identified as being authentic, an application can go about its business of providing some useful and desirable resources to a consumer. In many cases, applications might contain different resource types, with some resources having stricter rules regarding access. This process of determining who has access to which resources is the process of "authorization". Authorization in its simplest form is the composition of these elements:
the identity whom wishes to be granted access
the resource the identity is asking permission to consume
and optionally, what the identity is privileged to do with the resource
In Zend Framework, the Zend_Acl component handles the task of
building a tree of roles, resources and privileges to manage and query authorization
requests against.