Home Blog Hire!

Authentication and authorization  

2018-03-11 Sunday 17:24 UTC

Be yourself; everyone else is already taken. (Oscar Wilde)

.. or else, how to build identity and access restrictions inside your app.



  • Authentication is the process of verifying who you are. When you log on to a PC with a user name and password you are authenticating. [= login + password (who you are)]
  • Authorization is the process of verifying that you have access to something. Gaining access to a resource (e.g. directory on a hard disk) because the permissions configured on it allow you access is authorization. [= permissions (what you are allowed to do)]

Source: 1, 2


Provider From Protocols Purpose CVEs (2018-03)
OAuth 2.0 2012 JSON, HTTP API authorization between applications 39 (+ v1)
JWT, Tool 2015 JSON, HTTP Token verifying identity 9
SAML 2001 SAM, XML, HTTP, SOAP Single sign-on for enterprise users 56
OpenID Connect 1.0 2014 SAM, XML, HTTP, SOAP Single sign-on for + authorisation
OpenID 2.0 2007 XRDS, HTTP Single sign-on for consumers in an open environment 49
Kerberos 1980 UDP Single sign-on in controlled environment 228

Source: 1, 2, 3, 4, 5

© Goetz Epperlein 2016 - 2019   Imprint     Privacy