You must log in or register to comment.
Just call it a11n or a12n and nobody will know if they can’t count or if you can’t count
It’s really not that hard. Authentication is about proving the identity of the subject e.g. logging in using information only known / in possession by the subject (password, mfa etc). Authorization is about establishing what permissions that identity has in a given context. E.g. is this identity allowed to create/read/update/delete these resources. Authorization is typically done through roles (RBAC) or more granulary through attributes (ABAC).
Now how does this compare to AuthN and AuthZ…
Holy crap after writing that AuthN must be authentication and AuthZ must be authorization.
I’m a genius.
