Identify: who are you?

Authenticate: prove who you are!

Authorize: I know who you are, here's what you're allowed to do.

(Noted for myself so I don't forget and so I use these terms correctly.)

@liw Auth: I can't remember which one is authenticate and which one is authorize, maybe if I use this ambiguous shorthand nobody will notice

(bad news, the security folks noticed)

@cwebber I've seen the shorthand authn (authentication) and authz (authorization) used. These seem simple enough and un-ambiguous, so I like them.

@cwebber its the security folks fault, words that start with the same letters hash to the same part of my brain. Don't use alliteration if you want people to remember the difference between two things. Why couldn't we call it verification and permitting?

Sign in to participate in the conversation
Mastodon @ SUNET

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!