Main Terms Info
Security is all about preventing the Subject from having direct access to a Restricted Resource (indicated with the red dashed line).
Instead, the Subject has to take a longer route:
first providing Credentials in order to Authenticate itself,
and then receiving Authorities which specify which Restricted Resources it can access.
Subject is something that wants to access a Restricted Resource, like
Person, User, Process, Application
Restricted Resource is something that can be accessed only by specific Subjects, and can be
Room, Application, URL, Endpoint
Credentials are security-related items used to Authenticate a Subject. They answer the question: "Who are you?". They can be
Username, Password, Temporary Code, ID Card, Bank Card, Token
Authentication is the process of uniquely identifying a Subject by using Credentials.
Authentication answers the question: "Who are you?" => by using Credentials
Identity/Principal is something that uniquely identifies a Subject (after it has been Authenticated), like
ID, Username, Email, Phone Number
Authorization defines which Restricted Resources are accessible to a Subject/Principal.
Authorization answers the question: "What are you allowed to do?" => by using Authorities & Roles
Authorities/Roles are assigned to both Principals and Restricted Resources to control access to Restricted Resources.
Diagram: Main Terms (Subject, Credentials such as Username and Password, Authentication, Principal, Authorization, Authorities, Roles, Restricted Resource such as URL and Endpoint)
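The "longer route" described above, as an added Python example (not part of the original slides): Credentials are checked against a salted password hash, a successful Authentication yields a Principal carrying Authorities, and Authorization grants a Restricted Resource only when the Principal holds an Authority the resource requires. The user store, resource rules and the ROLE_ names are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2: the store never holds a clear-text password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
def _user(password: str, *authorities: str):
    salt = os.urandom(16)  # fresh salt per user
    return salt, _hash(password, salt), frozenset(authorities)
# Constructed user store: username -> (salt, password hash, Authorities).
USER_STORE = {
    "alice": _user("correct horse", "ROLE_USER", "ROLE_ADMIN"),
    "bob": _user("hunter2", "ROLE_USER"),
}
# Constructed Restricted Resources and the Authorities each one requires.
RESOURCE_RULES = {
    "/api/profile": {"ROLE_USER"},
    "/api/admin": {"ROLE_ADMIN"},
}

@dataclass(frozen=True)
class Principal:
    """Identity of an authenticated Subject plus the Authorities it holds."""
    username: str
    authorities: frozenset

def authenticate(username: str, password: str):
    """Authentication: "Who are you?" answered from Credentials; Principal or None."""
    entry = USER_STORE.get(username)
    if entry is None:
        return None
    salt, stored, authorities = entry
    # Constant-time comparison so the check does not leak through timing.
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    return Principal(username, authorities)

def authorize(principal, resource: str) -> bool:
    """Authorization: "What are you allowed to do?" answered from Authorities."""
    if principal is None:
        return False  # unauthenticated Subject: the direct route is closed
    required = RESOURCE_RULES.get(resource, set())  # unknown resource: deny
    return bool(required & principal.authorities)

def access(username: str, password: str, resource: str) -> bool:
    """The long route: Credentials -> Authentication -> Principal -> Authorization."""
    return authorize(authenticate(username, password), resource)
```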