There is a lot of confusion around modern authorization. In this post, I lay out the differences between authentication and authorization and review the evolving challenge of application authorization. I then describe the two approaches to cloud-native access control and introduce an open-source project that marries the best of both.

Authentication vs. Authorization

There is a common misconception about authorization and authentication. People tend to use the two terms interchangeably, or lump them up as “auth,” but they are two distinct processes.