• most_likely_bollocks@programming.dev
    1 year ago

    It’s really not that hard. Authentication is about proving the identity of the subject, e.g. logging in using information only known / in possession by the subject (password, MFA etc). Authorization is about establishing what permissions that identity has in a given context, e.g. is this identity allowed to create/read/update/delete these resources. Authorization is typically done through roles (RBAC) or more granularly through attributes (ABAC).
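
The distinction drawn in the comment above, as an added example that is not part of the original thread: authentication failures and authorization failures are separate outcomes (401 vs 403), and an RBAC check and an ABAC check can disagree. All users, roles, documents and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password, roles, dept):
    salt = os.urandom(16)
    return {"salt": salt, "pw": _kdf(password, salt), "roles": roles, "dept": dept}

# Constructed sample data (hypothetical users, roles and resources).
USERS = {
    "alice": _user("correct horse", {"editor"}, "finance"),
    "bob": _user("battery staple", {"viewer"}, "hr"),
    "carol": _user("tr0ub4dor", {"editor"}, "hr"),
}
ROLE_PERMS = {"viewer": {"read"}, "editor": {"read", "update"}}
DOCS = {"budget": {"dept": "finance"}}
_DUMMY_SALT = os.urandom(16)

def authenticate(username: str, password: str):
    """AuthN: prove who the subject is. Returns the identity or None."""
    user = USERS.get(username)
    # Run the KDF even for unknown users so timing does not reveal them.
    salt = user["salt"] if user else _DUMMY_SALT
    expected = user["pw"] if user else bytes(32)
    ok = hmac.compare_digest(_kdf(password, salt), expected)
    return username if (user is not None and ok) else None

def rbac_allows(identity: str, action: str) -> bool:
    """AuthZ by role: does any role of this identity grant the action?"""
    return any(action in ROLE_PERMS.get(r, ()) for r in USERS[identity]["roles"])

def abac_allows(identity: str, action: str, doc: str) -> bool:
    """AuthZ by attribute: writes only inside the subject's own department."""
    return action == "read" or USERS[identity]["dept"] == DOCS[doc]["dept"]

def handle(username: str, password: str, action: str, doc: str) -> int:
    identity = authenticate(username, password)
    if identity is None:
        return 401  # not authenticated: identity was never established
    if not (rbac_allows(identity, action) and abac_allows(identity, action, doc)):
        return 403  # authenticated, but this identity lacks the permission
    return 200
```
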

    • csm10495@sh.itjust.works
      1 year ago

      Now how does this compare to AuthN and AuthZ…

      Holy crap, after writing that, AuthN must be authentication and AuthZ must be authorization.

      I’m a genius.

  • kensand@lemmy.kensand.net
    1 year ago

    And even with ‘AuthN’ vs ‘AuthZ’ it always takes me a minute to spell them out and work out which is which

  • bsdGuy0@programming.dev
    1 year ago

    Who doesn’t like compounding two words with different meanings by definition, but for some inexplicable reason have the same meaning in the programming world, by shortening them?

    Now the poor, average programmer has to deal with strange words. One such example is “permission,” which is normally used within a casual context, rather than within a more serious context, like a program handling secure data. The poor programmer can now no longer take his job seriously, and is now forever in an existential crisis, due to the lack of formality. ;)