most_likely_bollocks

@most_likely_bollocks@programming.dev
0 Post – 1 Comments
Joined 1 years ago

It’s really not that hard. Authentication is about proving the identity of the subject e.g. logging in using information only known / in possession by the subject (password, mfa etc). Authorization is about establishing what permissions that identity has in a given context. E.g. is this identity allowed to create/read/update/delete these resources. Authorization is typically done through roles (RBAC) or more granulary through attributes (ABAC).