Вопрос к ораклистам

[Lena]

В чем разница между понятиями Authentication и Authorization?

"Compromised Authentication
Establishing user identity is also of primary concern in distributed environments; otherwise, there can be little confidence in limiting privileges by user. For example, unless you have confidence in user authentication mechanisms, how can you be sure that user Scott connecting to Server B from Client B really is user Scott?"

"Compromised Authorization
You also need to have confidence in the way clients and servers are made known to one another over the network, so that you have assurance not only that user Scott is who he says he is, but that Client B and Client A are also what they claim to be."

Хоть убейте, не вижу разницы

[Buddy Z]

[trn]Wto skoree obshchij vopros, ne tol'ko dlja "oraklistov"[/trn]
Authentication [trn]wto cho-to tipa "kto ty takoj?", a[/trn]
Authorization - [trn]"ja znaju kto ty takoj, a chto konkretno tebe pozvoleno delat' v sisteme?"[/trn]

В чем разница между понятиями Authentication и Authorization?

"Compromised Authentication
Establishing user identity is also of primary concern in distributed environments; otherwise, there can be little confidence in limiting privileges by user. For example, unless you have confidence in user authentication mechanisms, how can you be sure that user Scott connecting to Server B from Client B really is user Scott?"

"Compromised Authorization
You also need to have confidence in the way clients and servers are made known to one another over the network, so that you have assurance not only that user Scott is who he says he is, but that Client B and Client A are also what they claim to be."

Хоть убейте, не вижу разницы :)

[Lena]

[quote="Buddy Z"][trn]Wto skoree obshchij vopros, ne tol'ko dlja "oraklistov"[/trn]
Authentication [trn]wto cho-to tipa "kto ty takoj?", a[/trn]
Authorization - [trn]"ja znaju kto ty takoj, a chto konkretno tebe pozvoleno delat' v sisteme?"[/trn]

Ага, спасибо. Я тоже придерживалась такого мнению, но засомневалась. Значит будем считать, что это в STS тесте ошибка. С ними это иногда случается.

[Циник]

Authorisation is what you allow people to do. But for an authoristation
scheme to have any use, you must be able to reliably identify your subjects.
If you say Tom can only write $10 cheques, but you cannot identify Tom, then
either you let Tom write bigger cheques or you let no one write a cheque
bigger than $10. This is where Authenticaiotn comes in. It allows you to
reliably identify your subjects. So in my mind any Authorisation scheme
will make use of authenticaiton mechanisms

.
Довольно доходчиво, как мне кажется.

Вопрос: Согласны ли вы с утверждением последнего предложения цитаты?