Authentication vs authorization?
Why are role claims often not enough?
Where should order-ownership checks live?