Changed the wording in the intro to Authentication and Authorization.

Fixed 161 and 87. Thanks revolunet (Julien Bouquillon), stdbrouw (Stijn Debrouwere) natea (Nate Aune)
derekzhang79 · Jun 4, 2012 · cb3941e · cb3941e
1 parent 96b7f60
commit cb3941e
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 7 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -23,7 +23,7 @@ Contributors:
 * Vincent Driessen (nvie) for FileField related patches.
 * Christopher Grebs (EnTeQuAk) for various patches.
 * Roman Bogorodskiy (novel) for documentation fixes.
-* D. Hageman (dhageman) for a patch adding default values to RelatedFields.
+* D. Hageman (dhageman) for a patch adding default values to Relatedields.
 * James Hsiao (thepeopleseason) for finishing the DigestAuthentication bits.
 * jesperp for a patch adding TimeField.
 * Marcel van den Elst (MacMaru) for testing regarding ``blank=True``.
@@ -57,6 +57,7 @@ Contributors:
 * D.B. Tsai (dbtsai) & DuJour for funding:
     * The work to make non-pk URIs work better
 * Ryan West (ryanisnan) for finding and patching a bug in patch_list where requests were not included in the bundle.
+* Julien Bouquillon (revolunet) for authentication and authorization docs fixes.
 
 Thanks to Tav for providing validate_jsonp.py, placed in public domain.
 

diff --git a/docs/authentication_authorization.rst b/docs/authentication_authorization.rst
@@ -4,14 +4,17 @@
 Authentication / Authorization
 ==============================
 
-Authentication & authorization make up the components needed to verify that
-a certain user has access to the API and what they can do with it.
+Authentication & authorization make up the components needed to verify who a
+certain user is and to validate their access to the API and what they can do
+with it.
 
-Authentication answers the question "can they see this data?" This usually
-involves requiring credentials, such as an API key or username/password.
+Authentication answers the question "Who is this person?" This usually involves
+requiring credentials, such as an API key or username/password or oAuth tokens.
 
-Authorization answers the question "what objects can they modify?" This usually
-involves checking permissions, but is open to other implementations.
+Authorization answers the question "Is permission granted for this user to take
+this action?" This usually involves checking permissions such as
+Create/Read/Update/Delete access, or putting limits on what data the user
+can access.
 
 Usage
 =====