authz & authn

Posted by 好风 on 2018-08-16T10:47:20.798810Z
Reference URL: https://plus.ooclab.com/note/article/1415
  • Authorization (authZ)
  • Authentication (authN)

Authn primarily deals with user identity: who is this person? Is she who she says she is? There are a large number of systems that handle this “checkpoint” level of identity and access management and help to reduce the number of credentials that a user needs to provide, often through single sign-on (or SSO).

Authz answers a different set of questions, for example: what should this user or system be allowed to access (authz can manage service-to-service as well as user-to-service permissioning)? An authz platform might determine if a user is a developer, and then grant him/her permission to push source code to a Git repository, but prohibit the user from directly changing the software deployed into the production environment.
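
The two checks as separate steps, in an added example that is not part of the original note: the token check establishes identity (authn), and a deny-by-default role policy decides access (authz) for both a user and a service. The signing key, principal names, roles and resource names are all assumptions made up for illustration.

```python
import hashlib
import hmac

# Constructed demo key, roles and policy; every name here is hypothetical.
SECRET = b"demo-signing-key"
POLICY = {  # role -> allowed (action, resource) pairs; anything absent is denied
    "developer": {("push", "git:app-repo")},
    "release-manager": {("deploy", "env:production")},
    "ci-service": {("push", "git:app-repo"), ("deploy", "env:staging")},
}
ROLES = {"alice": "developer", "bob": "release-manager", "svc-ci": "ci-service"}


def issue_token(principal: str) -> str:
    """Stand-in for the identity provider / SSO: sign the principal name."""
    sig = hmac.new(SECRET, principal.encode(), hashlib.sha256).hexdigest()
    return f"{principal}.{sig}"


def authenticate(token: str):
    """authN: return the proven principal, or None if the token is invalid."""
    principal, _, sig = token.rpartition(".")
    expected = hmac.new(SECRET, principal.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how much of the signature matched.
    if principal and hmac.compare_digest(sig.encode(), expected.encode()):
        return principal
    return None


def authorize(principal: str, action: str, resource: str) -> bool:
    """authZ: deny by default; allow only what the principal's role lists."""
    role = ROLES.get(principal)
    return (action, resource) in POLICY.get(role, set())


def handle(token: str, action: str, resource: str) -> str:
    """Identity is settled first; permission is only evaluated afterwards."""
    principal = authenticate(token)
    if principal is None:
        return "401 unauthenticated"
    if not authorize(principal, action, resource):
        return "403 forbidden"
    return "200 ok"
```

A validly signed principal with no role assignment still gets `403 forbidden`: proving identity grants nothing by itself.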