For service lists, should there be display classifications, perhaps make that extensible with base classifications such as
Display
Hide
Display but disable
Display with auth request
Something else?
Use case:
User A logs in, but does not have access to all services.
Should the services they do not have access to be treated using the classifications above?
If so, who controls that? Service Provider?
If not, then we must notify the user immediately so they are aware, FAIL FAST.
For service lists, should there be display classifications, perhaps make that extensible with base classifications such as
Display
Hide
Display but disable
Display with auth request
Something else?
Use case:
User A logs in, but does not have access to all services.
Should the services they do not have access to be treated using the classifications above?
If so, who controls that? Service Provider?
If not, then we must notify the user immediately so they are aware, FAIL FAST.