Pergunta

I think a lot of new comers get confused because these two terms look and sound similar:

  • Authentication
  • Authorization

I think "Authentication" is well known, I will use this term.

But for some docs I currently write I would like to use an alternative word for "Authorization".

What's the best synonym for "Authorization"?

( ... weeks later: I will use "Permission Checks" as synonym for "Authorization")

Authentication and Authorization get confused very often. I want a clear distinct solution which is easy to understand for beginners.

Foi útil?

Solução 2

The docs of the Django REST framework use the word "Permissions" and "Permission Checks" instead of "Authorization".

Note: Don't forget that authentication by itself won't allow or disallow an incoming request, it simply identifies the credentials that the request was made with. For information on how to setup the permission polices for your API please see the permissions documentation.

Source http://www.django-rest-framework.org/api-guide/authentication/

...

Permission checks are always run at the very start of the view, before any other code is allowed to proceed. Permission checks will typically use the authentication information in the request.user and request.auth properties to determine if the incoming request should be permitted.

Source: http://www.django-rest-framework.org/api-guide/permissions/

Outras dicas

Using another word for "Authorization" or "Authentication" isn't helpful for writing documentation. Even though they're obscure, these two are already the most common words for those things, and any one-word synonym will make your text even less understandable.

Instead you should use phrases to express the same meaning. Authentication means proving to the system who you are, while authorisation is about what you're allowed to do. Therefore, you should write about proving your identity and about allowing actions, rather than about "authorising someone for something".

I agree with Kilian that these two words are the most common for what they describe and that using other words will reduce understandability even more.

But rather than using phrases instead of these words, i suggest this: create a glossary for your documentation (which is also useful for many other terms). Include Authentication and Authorization. When a reader gets confused about these two, they hopefully have noticed the glossary and will use it to clear the confusion.

If I were to be targeting a lay-person audience instead of technical, I would choose the words "Identification" and "Authorization."

If the audience is technical, I would stick with "Authentication" and "Authorization."

Licenciado em: CC-BY-SA com atribuição
scroll top