On 9/10/07, Noel J. Bergman <[EMAIL PROTECTED]> wrote:
>
> Assaf Arkin wrote:
> > Alex Boisvert wrote:
> > > I would also suggest using the standardized NIST RBAC terminology (user,
> > > role, permission) because it's most widely used and more intuitive (and
> > > business friendly). "Credential" seems to be the most common term used
> > > for proof of identity and authority.
> > Credentials are proof of identity, not authority.
>
> I believe that's what Alex said. Credentials are for authentication.
> Roles/permissions are for authorization.

Credentials are proof of both -- especially in non-centralized systems. My driver's license is proof of my identity (if you're willing to trust the DMV) *and* certifies that I can legally drive a car or a motorcycle with some vision correction apparatus.

And take my Advanced PADI card... It also has my name and picture on it but I doubt I could use it for identification anywhere. Regardless, when I'm traveling to Belize I can rent scuba gear with it. The scuba shop doesn't really care who I am, they just care that I have some sort of certification.

Saying credentials are for identification only is a pretty narrow definition.

alex
