Understanding authorization concepts
The second piece of the identity puzzle is authorization, usually shortened to AuthZ. Where AuthN is about finding out who you are, AuthZ is about what you are allowed to do.
Returning to how things work in the real world, let's consider international air travel for a moment. Assume, for simplicity's sake, that all international travel requires you to show a passport. If you don't have a passport with you, this is the same as being unauthenticated, and you will not be allowed into the destination country.
If you have a passport, the relevant authorities will examine it by asking the following questions:
- Is it issued by an actual country? (Unfortunately, ".NET-land" is not recognized by the United Nations.)
- Does it appear genuine, with watermarks, biometric markers, and so on, or does it look like something you printed at home?
- Can the issuing country be trusted...