On Thu, Aug 8, 2013 at 5:59 PM, Merijn Verstraaten <[email protected]> wrote:
> CurveZMQ provides authentication, ZAP provides authorisation. True... but ZAP is how you plug a client authenticator into libzmq. E.g. if you want to use LDAP to authenticate clients, you make a ZAP-to-LDAP bridge. > The naming (i.e. ZMQ Authentication Protocol) is a bit unfortunate. CurveZMQ > only deals with "client managed to authenticate", it doesn't decide whether > a specific client is allowed to connect to a certain socket (beyond the > basic unauthenticated clients can't connect). > > ZAP lets you add arbitrary authorisation mechanisms to decide based upon > authenticated identity. Until the ZAP handler says yes or no, the client is neither authenticated nor authorised. I could call it ZAAP, if you prefer... -Pieter _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
