ESAPI Framework Strategy

the esapi should

be defined such that it can be used on behalf of applications by frameworks including containers (unless the nature of the functionality is such that it can only work from the application). another way this was said, is such that the api is compatible with ioc.

share the representations of authentication state employed by the underlying framework or runtime environment.

leverage the access control primitives (e.j. Java permissions) employed by the underlying framework or runtime environment