this post was submitted on 25 Jun 2023
401 points (99.3% liked)

Programmer Humor

19503 readers
358 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 21 points 1 year ago (2 children)

It’s really not that hard. Authentication is about proving the identity of the subject e.g. logging in using information only known / in possession by the subject (password, mfa etc). Authorization is about establishing what permissions that identity has in a given context. E.g. is this identity allowed to create/read/update/delete these resources. Authorization is typically done through roles (RBAC) or more granulary through attributes (ABAC).

[–] [email protected] 13 points 1 year ago (1 children)

Now how does this compare to AuthN and AuthZ...

Holy crap after writing that AuthN must be authentication and AuthZ must be authorization.

I'm a genius.

[–] [email protected] 3 points 1 year ago

Indeed you are ;)