This definition divides the responsibilities into a) user data entry and b) user access, c) the security system, and d) the database behind the security system. This approach allows the user interface to change without disturbing or even touching the logic behind it. The interface is completely ignorant of how it is being used.
It merely provided fields to receive and display information. In fact the same interface could be used at many different levels through the system, e.g. application security, system security, and function level security.
| Security Client Application
|The client application knows nothing about presentation or the actual validation. Its sole responsibility is to obtain valid input for the security system "Validate User" interface.
| Security System
|The security system knows how to interpret security information about a user, but not how its knowledge will be presented to the user.
It does not even know where the security data is physically stored.
|Security System Database Interface
|The security system database knows the current database and how to format the validation request in to the SQL or other language needed to get an answer from the current database. This separation of the database from the security system using an interface allows for the replacement or upgrade of the database without changes to the applications that use it as long as the interfaces remain the same.