Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Distinction between authentication and authorization in the docs #87

debrouwere opened this Issue · 1 comment

2 participants


Authentication answers the question “can they see this data?” This usually involves requiring credentials, such as an API key or username/password.

Authorization answers the question “what objects can they modify?” This usually involves checking permissions, but is open to other implementations.

The real distinction between authentication and authorization, it seems to me, is that the one asks "are you who you say you are?" and authorization asks "being that you are who you are, can you see/modify/do whatever?" So "can they see this data" is very much an authorization concern.

Might be worth making this a little bit clearer in the docs.

@revolunet revolunet referenced this issue from a commit
@revolunet revolunet fix #161 and #87 002ef08

Closed in cb3941e

@issackelly issackelly closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.