In message <[EMAIL PROTECTED]> on Tue, 5 Dec 2006 13:45:13 -0800, "David
Schwartz" <[EMAIL PROTECTED]> said:
davids> Authentication and authorization are the same thing.
Generally speaking, that's incorrect, even if you might have a
specific case where your statement applies.
To take an example, I can *authenticate* you if you show me a legal
piece of identity that shows you are you, but that doesn't mean that I
*authorize* you to raid my fridge. This simple truth is applicable to
security models as well.
davids> They are both required ...
OK, I'm going to take a humourous punch at what you just said; if
authentication and authorization are the same thing, why are both
required? Isn't one enough? Please make up your mind...
Cheers,
Richard
--
Richard Levitte [EMAIL PROTECTED]
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
