authnz

authentication and authorization

authnz

authentication and authorization

authn: authentication is proving your identity

authz: authorization is proving your permission to access something

RBAC

role based access control

• every active thing (accessor) has an identity, commonly implemented as service accounts
• every passive things (accessed) has permissions needed to access them
• roles are groups of permissions which can be assigned to identities

GCP

service accounts are assigned roles in the iam/admin page

roles and their permissions can be edited in the iam/roles page

Kubernetes

service accounts can be created through the ServiceAccount kind

roles can be created through the Role and ClusterRole kinds

roles can be assigned to service accounts through RoleBinding and ClusterRoleBinding kinds

ACL

access control lists

similar to RBAC, but directly maps permissions to users. ACL with only groups is identical to RBAC

in the wild

single key

Your access token / key is tied to your identity, and sometimes limited in specific permissions, examples:

• SSH key
• Magic link emails

multi key

You have a (public) stable id and a (volatile) secret, examples:

• username + password
• id + secret
• id + access token: often you are given a long lasting refresh token used to obtain a short lived access token