most_likely_bollocks

joined 1 year ago
[–] [email protected] 3 points 1 year ago

Indeed you are ;)

[–] [email protected] 17 points 1 year ago (2 children)

It’s really not that hard. Authentication is about proving the identity of the subject e.g. logging in using information only known / in possession by the subject (password, mfa etc). Authorization is about establishing what permissions that identity has in a given context. E.g. is this identity allowed to create/read/update/delete these resources. Authorization is typically done through roles (RBAC) or more granulary through attributes (ABAC).