GF.Permission Register

This function offers a means to store and publish permissions (technical representations of business rules about infrastructural actions like reading or writing information). It usually accompanies a function. Note that for many systems, its permissions are written in a format specific to that system: the capabilities of a Permission Register with respect to the kinds of permissions it can handle are hard-coded. This means that if a Permission Register (and Permission Validation) facility is positioned in an infrastructure landscape to authorize access to a set of resources, it cannot automatically be assumed fit to also authorize access to a new, different set of resources. E.g. a Permission Register that can hold s access control lists for web URIs cannot be assumed to also be able to hold access rules for a mail application.

Permission Register is modelled separately from Permission Validation for two major reasons:
 * to account for the security aspects (both in the sense that a Permission Register itself must be properly secured, and that positioning a Permission Register in an infrastructure overview serves as a focal point for security considerations), and
 * because the permissions that can be stored in a particular Permission Register instance are inherently limited to a specific set of actions for a specific (type of) infrastructure resource (as described above).