What’s this authN / authZ business?
That’s the thing, nobody really knows!
AutheNtication vs. AuthoriZation, I believe
How’s that supposed to help?
AuthN is: I claim to be dreadgoat, but how can I prove it? (login, password, MFA)
AuthZ is: Now that you know I am dreadgoat, do I have permission to post this comment? (access control, roles, attributes)
I know what they are and the differences; I thought the N and Z would somehow be an easy way to work it out/remember. But the trick is just to remember which is which.
N comes before Z in the alphabet, and you must always AuthN before you can AuthZ. Easy mnemonic.
It doesn’t