security:authentication-and-authorization

Differences

This shows you the differences between two versions of the page.

security:authentication-and-authorization [2026/06/13 03:08] phong2018
security:authentication-and-authorization [2026/06/13 03:24] (current) phong2018
Line 1: Line 1:
 +https://drive.google.com/file/d/1TIeK1rpQMfTS7lH_6Rf-Vjq5VeziDcQB/view?usp=sharing
 +
 ====== Authentication & Authorization Technologies ====== ====== Authentication & Authorization Technologies ======
  
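Review bot: the Google Drive URL added as the new first line has no label, so a reader cannot tell what the file is or why it sits above the page heading; give it a short caption (what the document is and who maintains it) or move it to a references section under the heading. The link carries `usp=sharing`, so confirm the file's sharing setting matches the wiki's audience before the page is published.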
Line 25: Line 27:
  
 ├── Authentication (Who are you?) ├── Authentication (Who are you?)
-│   ├── Password-based +│   ├── Password-based (user proves identity using secret password) 
-│   ├── Session-based +│   ├── Session-based (server stores login state using session cookie) 
-│   ├── Token-based +│   ├── Token-based (stateless authentication using tokens) 
-│   │   ├── JWT (token format) +│   │   ├── JWT (JSON Web Token format used to carry claims securely signed
-│   │   └── Opaque Token +│   │   └── Opaque Token (random token validated by server lookup) 
-│   ├── API Key +│   ├── API Key (static key used to identify and authenticate client apps) 
-│   ├── Basic Auth +│   ├── Basic Auth (username/password sent with each request in encoded form) 
-│   ├── Passkeys / WebAuthn +│   ├── Passkeys / WebAuthn (passwordless authentication using public-key cryptography) 
-│   └── MFA / 2FA (authentication layer)+│   └── MFA / 2FA (extra authentication layer requiring multiple factors)
  
 ├── Authorization (What can you do?) ├── Authorization (What can you do?)
-│   ├── OAuth2 (delegated authorization framework) +│   ├── OAuth2 (delegated authorization framework that grants limited API access without sharing credentials
-│   ├── RBAC +│   ├── RBAC (Role-Based Access Control using roles to define permissions) 
-│   ├── ABAC +│   ├── ABAC (Attribute-Based Access Control using user/resource/context attributes) 
-│   └── ACL+│   └── ACL (Access Control List defining permissions per user or group per resource)
  
-└── Federation / SSO (Identity federation+└── Federation / SSO (Who vouches for you?
-    ├── OpenID Connect (OIDC) +    ├── OpenID Connect (OIDC) (identity layer on top of OAuth2 used for login and identity verification
-    └── SAML+    └── SAML (XML-based enterprise federation protocol for single sign-on across organizations)
 </code> </code>
  
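Review bot: four of the new parentheticals are never closed: the JWT, OAuth2, Federation / SSO and OpenID Connect (OIDC) entries each open a `(` without a matching `)`, which will render inconsistently inside the `<code>` block. While fixing those, the JWT note "used to carry claims securely signed" reads awkwardly; "signed token format used to carry claims" says the same thing more clearly. The Session-based entry could also say that the cookie holds only the session identifier while the login state lives on the server, which is the distinction the Token-based entry ("stateless") is drawing.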
security/authentication-and-authorization.1781320129.txt.gz · Last modified: by phong2018