From cb3941e91390ea3bd41ff5289696fa9ee4189c0c Mon Sep 17 00:00:00 2001 From: Issac Kelly Date: Mon, 4 Jun 2012 15:34:33 -0700 Subject: [PATCH] Changed the wording in the intro to Authentication and Authorization. Fixed 161 and 87. Thanks revolunet (Julien Bouquillon), stdbrouw (Stijn Debrouwere) natea (Nate Aune) --- AUTHORS | 3 ++- docs/authentication_authorization.rst | 15 +++++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/AUTHORS b/AUTHORS index 0fb218000..2e6b332d9 100644 --- a/AUTHORS +++ b/AUTHORS @@ -23,7 +23,7 @@ Contributors: * Vincent Driessen (nvie) for FileField related patches. * Christopher Grebs (EnTeQuAk) for various patches. * Roman Bogorodskiy (novel) for documentation fixes. -* D. Hageman (dhageman) for a patch adding default values to RelatedFields. +* D. Hageman (dhageman) for a patch adding default values to Relatedields. * James Hsiao (thepeopleseason) for finishing the DigestAuthentication bits. * jesperp for a patch adding TimeField. * Marcel van den Elst (MacMaru) for testing regarding ``blank=True``. @@ -57,6 +57,7 @@ Contributors: * D.B. Tsai (dbtsai) & DuJour for funding: * The work to make non-pk URIs work better * Ryan West (ryanisnan) for finding and patching a bug in patch_list where requests were not included in the bundle. +* Julien Bouquillon (revolunet) for authentication and authorization docs fixes. Thanks to Tav for providing validate_jsonp.py, placed in public domain. diff --git a/docs/authentication_authorization.rst b/docs/authentication_authorization.rst index 3accbf220..21442e420 100644 --- a/docs/authentication_authorization.rst +++ b/docs/authentication_authorization.rst 
@@ -4,14 +4,17 @@ Authentication / Authorization ============================== -Authentication & authorization make up the components needed to verify that -a certain user has access to the API and what they can do with it. +Authentication & authorization make up the components needed to verify who a +certain user is and to validate their access to the API and what they can do +with it. -Authentication answers the question "can they see this data?" This usually -involves requiring credentials, such as an API key or username/password. +Authentication answers the question "Who is this person?" This usually involves +requiring credentials, such as an API key or username/password or oAuth tokens. -Authorization answers the question "what objects can they modify?" This usually -involves checking permissions, but is open to other implementations. +Authorization answers the question "Is permission granted for this user to take +this action?" This usually involves checking permissions such as +Create/Read/Update/Delete access, or putting limits on what data the user +can access. Usage =====
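Review bot: In the first AUTHORS hunk (-23,7 +23,7), the D. Hageman line changes "RelatedFields" to "Relatedields", which introduces a typo and is unrelated to the documentation wording this commit is about. Drop that -/+ pair so the existing line is left untouched.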
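Review bot: In the second AUTHORS hunk (-57,6 +57,7), only Julien Bouquillon (revolunet) is added, while the commit message also thanks stdbrouw (Stijn Debrouwere) and natea (Nate Aune). Either add entries for them in the same hunk or confirm they are already listed in a part of the file not shown here.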
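Review bot: In the docs/authentication_authorization.rst hunk, the new authentication sentence spells the protocol "oAuth" and chains its examples with two "or"s; suggest "such as an API key, username/password, or OAuth tokens". The rewritten authorization paragraph also drops the old clause "but is open to other implementations"; if that still holds, keep a short clause saying so, so readers do not take permission checks and data limits as the only options.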