• most_likely_bollocks@programming.dev
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    It’s really not that hard. Authentication is about proving the identity of the subject e.g. logging in using information only known / in possession by the subject (password, mfa etc). Authorization is about establishing what permissions that identity has in a given context. E.g. is this identity allowed to create/read/update/delete these resources. Authorization is typically done through roles (RBAC) or more granulary through attributes (ABAC).

    • csm10495@sh.itjust.works
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Now how does this compare to AuthN and AuthZ…

      Holy crap after writing that AuthN must be authentication and AuthZ must be authorization.

      I’m a genius.