Authorization
- specifying access rights / privileges to resources
- related to access control / policies
- bundling authentication and authorization is a bad idea
  - e.g. a certificate that contains the specific roles of the user
Authentication assurance / Level of Assurance (LoA): amount of certainty with which a claim to an identity can be trusted to be accurate
Identity assurance: level of certainty, established by the initial verification process, that the user is actually this person (email, address, ID, passport, ...)