5.1 Security Considerations for Implementers

Central access policies embody authorization policies used to control access to resources. Write permission on central access policies gives users the ability to modify authorization policies. Central access policies are designed to be managed centrally, not to be edited on client computers.

Where possible, avoid storing central access policies on client computers in implementations of this protocol. If an implementation is required to store central access policies on client computers, do so in secure locations that only system processes can access.