
I like these types of projects (auth) and happy to see this is a thriving area. I was a little puzzled by the very first line in their gitbook [0] documentation:

“Kanidm is an identity management server, acting as an authority on accounts and authorisation within a technical environment.”

Shouldn’t that be authentication, or am I misunderstanding the purpose of Kanidm?

[0] https://kanidm.github.io/kanidm/intro.html



Just for you, I fixed up this line in the book to make it clearer. Issue reports about things like this in docs and clarity are always welcome!


Authentication is part of the "accounts" part. :)


auth is auth. Don't overcomplicate the matter.


You would be the one overcomplicating the matter by clumping these distinct concepts together.

Edit: For those unfamiliar with the concepts:

  Authentication: subject identity - is the user who they claim to be?
  Authorization: subject permissions - is this user permitted to execute that action?


Authentication - can you login or not?

Authorization - should you be able to see the admin dashboard or not?


Authentication and Authorization are distinct concepts whose English terms both start with the same prefix.


The set of possible Authorization policies without having some form of Authentication is quite limited ;)


Within ABAC schemes, Authorization is a boolean function over (Request, Principal, Environment). If you zero the Principal, you can still represent a large number of unique policies considering just the Request and the Environment.
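An added illustration of the ABAC model in that comment, written for this page and not taken from Kanidm or the thread: a deny-by-default evaluator in Rust (Kanidm's language) whose first rules read only the request and the environment, so they still decide something when no principal is present at all. The struct and field names (`Request`, `Principal`, `Environment`, the `/admin` and `/health` paths, the `admins` group) are assumptions for the example.

```rust
// Added example, not Kanidm code: ABAC decision = f(Request, Principal, Environment).
// `Principal` is an Option so the "zeroed principal" case can be evaluated too.

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Method { Get, Post, Delete }

#[derive(Debug)]
pub struct Request<'a> { pub method: Method, pub path: &'a str }

#[derive(Debug)]
pub struct Principal<'a> { pub uid: &'a str, pub groups: &'a [&'a str] }

#[derive(Debug)]
pub struct Environment { pub hour_utc: u8, pub internal_network: bool, pub maintenance: bool }

/// Deny by default; the first matching rule decides.
pub fn authorize(req: &Request, principal: Option<&Principal>, env: &Environment) -> bool {
    // Rules that inspect only Request and Environment: they need no principal.
    if env.maintenance && req.method != Method::Get {
        return false; // read-only during maintenance, whoever is asking
    }
    if req.method == Method::Get && req.path == "/health" {
        return true; // public liveness probe
    }
    if !env.internal_network && req.path.starts_with("/admin") {
        return false; // admin UI is only reachable from the internal network
    }
    // Rules that do need an authenticated subject.
    match principal {
        None => false,
        Some(p) => match (req.method, req.path) {
            // destructive actions: admins only, and only during the working day (UTC)
            (Method::Delete, _) => p.groups.contains(&"admins") && (8..18).contains(&env.hour_utc),
            (_, path) if path.starts_with("/admin") => p.groups.contains(&"admins"),
            (Method::Get, _) | (Method::Post, _) => true,
        },
    }
}

fn main() {
    // Constructed sample: an unauthenticated probe and an unauthenticated admin request.
    let env = Environment { hour_utc: 12, internal_network: false, maintenance: false };
    let probe = Request { method: Method::Get, path: "/health" };
    let admin_page = Request { method: Method::Get, path: "/admin" };
    println!("GET /health, no principal -> {}", authorize(&probe, None, &env));
    println!("GET /admin,  no principal -> {}", authorize(&admin_page, None, &env));
}
```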



