Closed UppaJung closed 3 years ago
Thanks, these are great improvements! I'd like to credit you in the acknowledgements. If you'd like to be credited, can you give me the name you'd like me to use? This would go on the table of contents page.
Thanks. Stuart Schechter is fine if you'd like to acknowledge, but it's also a small enough contribution that it's fine to leave out.
Thanks Stuart!
I hope you don't mind a PR instead of an issue. A few proposed changes here. First, it appears "authentication" was used before it was defined--I think because it was meant to be "authorization".
Second, security is much more than access control, so I'd suggest introducing the two core components of access control as such rather than as the two core concepts of security as a whole.
While not part of the proposed change, I would suggest reversing the order when presenting authentication and authorization. You can talk about authenticating an identity/party (person/group/developer/application/etc.) in the absence of using that identity to authorize access (introducing the noun in an authentication policy without the verb), but you can't really talk about the action of authorizing an identity/party to do something (a verb) without that noun. This is why the security literature typically puts authentication before authorization.