SEAN K.H. LIAO

authn: authentication is proving your identity

authz: authorization is proving your permission to access something

RBAC

role based access control

GCP

service accounts are assigned roles in the iam/admin page

roles and their permissions can be edited in the iam/roles page

Kubernetes

service accounts can be created through the ServiceAccount kind

roles can be created through the Role and ClusterRole kinds

roles can be assigned to service accounts through RoleBinding and ClusterRoleBinding kinds
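
The three kinds above wired together, as an added example that is not from the original post: a ServiceAccount, a namespaced Role with read-only access to pods, and the RoleBinding that joins them. The names `demo`, `app-sa`, `pod-reader` and `app-sa-pod-reader` are hypothetical.

```yaml
# Constructed example; namespace and object names are hypothetical.

# The identity (authn side): pods that run as this account
# authenticate to the API server with it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-sa
  namespace: demo
---
# The permissions (authz side): a Role is namespaced and only grants,
# it never denies. ClusterRole is the cluster-wide counterpart.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: demo
rules:
  - apiGroups: [""]            # "" is the core API group
    resources: ["pods"]
    verbs: ["get", "list", "watch"]   # read-only, no create/delete
---
# The assignment: binds the Role to the ServiceAccount inside "demo".
# ClusterRoleBinding would grant the same role in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-sa-pod-reader
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: app-sa
    namespace: demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
```

After applying it, `kubectl auth can-i list pods -n demo --as=system:serviceaccount:demo:app-sa` should answer `yes`, and the same check with `delete` should answer `no`.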

ACL

access control lists

similar to RBAC, but directly maps permissions to users. ACL with only groups is identical to RBAC

in the wild

single key

Your access token / key is tied to your identity, and sometimes limited to specific permissions, examples:

multi key

You have a (public) stable id and a (volatile) secret, examples: