An important part of any architecture is attention to how to simplify the security for applications on the platform. Usually there is some sort of federated auth identity and centralized authorization access control. But neither of those important pieces make it into this article. Is it possible that security wasn't actually considered?