CHAPTER 11Authorization: Now That I’ve Got It, How Do I Get to It?
Little pig, little pig, let me in.
—The wolf in the story of the Three Little Pigs
You don’t really log in to an application in order to be handed the keys. Authentication is just the first step. You have informed the framework as to who you are, which is fine. But now it must take that information and match it against established policies in order to govern what actions you are able to perform after that. This is called authorization. The difference between authentication and authorization is subtle. Think of it this way.
When you authenticate, you’re going to the coat room and ...
Get Designing an IAM Framework with Oracle Identity and Access Management Suite now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.