Authorization is the process of verifying that the person associated with the current login session has permission to perform some action on an object. Actions typically include create, read, update, and delete, but could also include more complex operations like approve, grade, grant, etc. The object part of an authorization check can be practically any object in the system.
While the basic authorization question is easy to formulate, it's much harder to set up a structure and process that allows the question to be answered quickly and efficiently. Sakai is moving towards a new authorization system that will scale all the way to very large systems with thousands of users and millions of objects.