<code>AuthorizationInfo</code> represents a single Subject's stored authorization data (roles, permissions, etc) used during authorization (access control) checks only. <p/> Roles are represented as a <code>Collection</code> of Strings ({@link java.util.Collection Collection}<{@link string string}>), typically each element being the Role name. <p/> {@link Permission Permission}s are provided in two ways: <ul> <li>A <code>Collection</code> of Strings, where each string can usually be converted into <code>Permission</code> objects by a <code>Realm</code>'s {@link hunt.shiro.authz.permission.PermissionResolver PermissionResolver}</li> <li>A <code>Collection</code> of {@link Permission Permission} objects</li> </ul> Both permission collections together represent the total aggregate collection of permissions. You may use one or both depending on your preference and needs. <p/> Because the act of authorization (access control) is orthogonal to authentication (log-in), this interface is intended to represent only the account data needed by Shiro during an access control check (role, permission, etc). Shiro also has a parallel {@link hunt.shiro.authc.AuthenticationInfo AuthenticationInfo} interface for use during the authentication process that represents identity data such as principals and credentials. <p/> Because many if not most {@link hunt.shiro.realm.Realm Realm}s store both sets of data for a Subject, it might be convenient for a <code>Realm</code> implementation to utilize an implementation of the {@link hunt.shiro.authc.Account Account} interface instead, which is a convenience interface that combines both <code>AuthenticationInfo</code> and <code>AuthorizationInfo</code>. Whether you choose to implement these two interfaces separately or implement the one <code>Account</code> interface for a given <code>Realm</code> is entirely based on your application's needs or your preferences.