Skip to content

Authorization

links: SPA TOC - Identification Authentication - Index


Authorization

  • specifying access rights / privileges to resources
  • related to access control / policies
  • bundling authentication and authorization is a bad idea
    • e.g. certificate contains the specific roles of the user

auth-vs-auth.png

Authentication assurance / Level of Assurance (LoA): amount of certainty with which a claim to an identity can be trusted to be accurate

Identity assurance: level of identity assurance at initial verification process to ensure that the user is actually this person (email, address, ID, passport, ...)

LoA.png

assurance-matrix.png

quality-of-authentication.png


links: SPA TOC - Identification Authentication - Index