Auth: Authn vs Authz #381

Open
hhstore opened this issue Aug 23, 2022 · 4 comments
Labels
Authentication (login authentication), Authorization (permission management)

Comments

@hhstore
Owner

hhstore commented Aug 23, 2022

related:

@hhstore
Owner Author

hhstore commented Aug 23, 2022

AuthN (Authentication) vs AuthZ (Authorization):

Concepts:

Further reading:

@hhstore
Owner Author

hhstore commented Aug 23, 2022

AuthN:

References:

Approaches:

  • ✅ Basic Auth (HTTP basic authentication): http + password
  • ✅ Session-based authentication: http + cookie + session
  • ✅ Bearer Token or Basic Auth Password
  • ✅ JWT (JSON Web Token)
  • ✅ OAuth (open authorization)
  • ✅ SSO
  • ✅ Hardware cryptographic devices: hardware tokens (FIDO U2F tokens, RSA tokens, Yubikey)
  • ✅ External software devices: mobile devices (SMS/call verification, push approvals, TOTP apps)
  • ✅ Biometric chips: fingerprint/face recognition, etc.
  • ✅ Two-factor authentication: 2FA, TFA, second-factor authentication
  • ✅ Multi-factor authentication (MFA)

JWT:

@hhstore
Owner Author

hhstore commented Aug 23, 2022

AuthZ:

Approaches:

  • ✅ Role-based access control (RBAC)
  • ✅ Attribute-based access control (ABAC)

@hhstore
Owner Author

hhstore commented Aug 23, 2022

API encryption and signing schemes:
