identification, authorisation, authentication

This may seem like first year stuff, but it may be useful to mention.

Identification != Authentication != Authorisation.

Generally we can say that Authentication provides us with an identifier 
for the authenticated agent, and Authorisation is then done using the 
authenticated identifier.

API wise, this means we have:

Interface Authentication {
   agent-identifier authenticate(*);
}

Interface Authorisation {
   boolean authorise(agent-identifier vai, request r, *);
}

Step one is to authenticate the requesting agent and establish an 
agent-identifier for them.

Step two is to see if the established agent-identifier is authorised to 
do what they've requested.

WebID-Protocol implements the Authentication interface, and returns a 
specific kind of agent-identifier, namely a WebID.

WebAccessControl implements the Authorisation interface.

When working on the web, it makes sense that an agent-identifier be a 
URI (of which WebIDs are a subset).

This decoupling means that WebAccessControl doesn't require a WebID, 
rather it just requires a URI identifying an agent.

I'm only mentioning this because sometimes when you look at things 
closely for a long time the simple stuff gets all mixed up. Or perhaps 
more accurately, writing the above clears things up in my own head and 
allows me to both share it and sanity check it with the group :)

Best, Nathan

Received on Wednesday, 31 October 2012 01:41:57 UTC
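The two-step split described in the message above, as an added worked example (not code from the message or from the WebID or WebAccessControl specifications): one authoriser keyed only on agent URIs, fed by two unrelated authenticators that each return such a URI. The certificate and token tables, the agent URIs, the ACL rules and the `PUBLIC` marker are all constructed for illustration; the WebID-Protocol's certificate-to-profile verification is replaced by a lookup table and the ACL is a simplified stand-in for the WAC vocabulary.

```python
"""Authentication yields an agent identifier (a URI); authorisation consumes it.
Illustrative example; every table and rule below is constructed sample data."""
from dataclasses import dataclass
from typing import Dict, Mapping, Optional, Set

AgentId = str  # a URI naming an agent; a WebID is one kind of such URI

PUBLIC = "*"   # constructed marker: rule applies to any agent, even anonymous


@dataclass(frozen=True)
class Request:
    resource: str   # URI of the resource being accessed
    mode: str       # "Read" or "Write"


class CertificateAuthenticator:
    """Stand-in for a WebID-style authenticator: a verified client certificate
    maps to the WebID it claims. The real verification (certificate key versus
    the key published in the WebID profile) is out of scope here, so a
    constructed fingerprint -> WebID table replaces it."""

    def __init__(self, known: Mapping[str, AgentId]):
        self._known = dict(known)

    def authenticate(self, credentials: Mapping[str, str]) -> Optional[AgentId]:
        return self._known.get(credentials.get("cert_fingerprint", ""))


class TokenAuthenticator:
    """A second, unrelated authentication scheme (opaque bearer tokens) that
    also yields a URI, to show the authoriser does not care which scheme ran."""

    def __init__(self, tokens: Mapping[str, AgentId]):
        self._tokens = dict(tokens)

    def authenticate(self, credentials: Mapping[str, str]) -> Optional[AgentId]:
        return self._tokens.get(credentials.get("bearer", ""))


class AclAuthoriser:
    """WebAccessControl-like authoriser keyed purely on agent URIs.
    rules: resource URI -> {agent URI or PUBLIC -> set of allowed modes}."""

    def __init__(self, rules: Mapping[str, Mapping[str, Set[str]]]):
        self._rules: Dict[str, Dict[str, Set[str]]] = {
            res: {agent: set(modes) for agent, modes in acl.items()}
            for res, acl in rules.items()
        }

    def authorise(self, agent: Optional[AgentId], request: Request) -> bool:
        acl = self._rules.get(request.resource, {})
        if request.mode in acl.get(PUBLIC, set()):
            return True                 # public rule: no identifier needed
        if agent is None:
            return False                # unauthenticated and not public: deny
        return request.mode in acl.get(agent, set())


def handle(authn, authz: AclAuthoriser, credentials: Mapping[str, str],
           request: Request):
    """Step one: authenticate to obtain an agent identifier (or None).
    Step two: ask whether that identifier may perform the request.
    Returns (agent identifier, allowed)."""
    agent = authn.authenticate(credentials)
    return agent, authz.authorise(agent, request)


# --- constructed sample data -------------------------------------------------
ALICE = "https://alice.example/profile#me"   # constructed WebID
BOB = "https://bob.example/agent"            # constructed non-WebID agent URI
PRIVATE = "https://data.example/private/notes"
INDEX = "https://data.example/public/index"

CERT_AUTHN = CertificateAuthenticator({"fp-alice-0001": ALICE})
TOKEN_AUTHN = TokenAuthenticator({"tok-bob-0001": BOB})
AUTHZ = AclAuthoriser({
    PRIVATE: {ALICE: {"Read", "Write"}, BOB: {"Read"}},
    INDEX:   {PUBLIC: {"Read"}},
})

if __name__ == "__main__":
    print(handle(CERT_AUTHN, AUTHZ, {"cert_fingerprint": "fp-alice-0001"},
                 Request(PRIVATE, "Write")))
    print(handle(TOKEN_AUTHN, AUTHZ, {"bearer": "tok-bob-0001"},
                 Request(PRIVATE, "Write")))
    print(handle(TOKEN_AUTHN, AUTHZ, {}, Request(INDEX, "Read")))
```

The point to notice is that `AclAuthoriser` never sees a certificate or a token: it receives only the URI that step one produced, so swapping the WebID-style authenticator for the token one changes nothing on the authorisation side, which is the decoupling the message describes.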