Is there a whitepaper or set of documents on the built-in authorisation model of ArcGIS Enterprise? The various help sites and documents that outline authentication methods and how they work are more than sufficient but the authorisation component is a tad light.
I am trying to document (in as much detail as possible) the various components and interactions that occur when a user accesses a secured ArcGIS Server service (federated, gis item shared to group). I could patch something together myself that outlines the various components, e.g. redirects, generateToken requests and esri_auth cookies. However, I would much rather use an authoritative reference directly from Esri.