Role-based access control (RBAC) for APIs

7 votes

Currently, national APIs such as PDS rely on the calling system to implement role-based access controls (RBAC). This in turn increases the assurance burden on developers and on us for them to prove they have done it correctly. The scope of this feature is to look into adding RBAC into APIs to (a) improve security and (b) reduce the assurance burden on developers. This might be based on the standard national RBAC model.

Suggested by: Tony Heap Upvoted: 10 May, '23

