this post was submitted on 25 Jun 2023
351 points (99.2% liked)

Programmer Humor

19551 readers
1038 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] most_likely_bollocks@programming.dev 18 points 1 year ago (2 children)

It’s really not that hard. Authentication is about proving the identity of the subject e.g. logging in using information only known / in possession by the subject (password, mfa etc). Authorization is about establishing what permissions that identity has in a given context. E.g. is this identity allowed to create/read/update/delete these resources. Authorization is typically done through roles (RBAC) or more granulary through attributes (ABAC).

[–] csm10495@sh.itjust.works 12 points 1 year ago (1 children)

Now how does this compare to AuthN and AuthZ...

Holy crap after writing that AuthN must be authentication and AuthZ must be authorization.

I'm a genius.