AuthenticationAndAuthorization Hub

Authentication answers "who are you." Authorization answers "what are you allowed to do." A large share of access-control incidents trace back to a failure of one or both: accepting a claimed identity without verifying it, or verifying identity and then never asking whether that identity may touch the requested object. The protocols and patterns are stable enough that getting them right is mostly a discipline question.
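As an added illustration of the distinction (example code written for this hub, not taken from any of the linked pages), the handler below separates the two checks. The session store, document store, `tok-*` tokens and `admin` role are constructed for the example; the first handler stops after authentication and so leaks any document to any logged-in caller, the second also authorizes the read and answers 404 for both "missing" and "not yours" so it does not confirm which document IDs exist.

```python
"""Authentication vs. authorization in one request handler (constructed example)."""
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass(frozen=True)
class User:
    user_id: str
    roles: frozenset = field(default_factory=frozenset)


@dataclass(frozen=True)
class Document:
    doc_id: str
    owner_id: str
    body: str


# Constructed sample data: a bearer-token session store and a document store.
SESSIONS = {
    "tok-alice": User("alice"),
    "tok-bob": User("bob"),
    "tok-admin": User("carol", frozenset({"admin"})),
}
DOCUMENTS = {
    "doc-1": Document("doc-1", "alice", "alice's notes"),
    "doc-2": Document("doc-2", "bob", "bob's notes"),
}


def authenticate(token: Optional[str]) -> Optional[User]:
    """Authentication: map a presented token to a principal, or None if unknown."""
    if token is None:
        return None
    return SESSIONS.get(token)


def authorize_read(user: User, doc: Document) -> bool:
    """Authorization: may this principal read this particular object?"""
    return user.user_id == doc.owner_id or "admin" in user.roles


def get_document_authn_only(token: Optional[str], doc_id: str) -> Tuple[int, Optional[str]]:
    """The common bug: proves who the caller is, never asks what they may see."""
    user = authenticate(token)
    if user is None:
        return 401, None
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return 404, None
    return 200, doc.body  # any authenticated user gets any document


def get_document(token: Optional[str], doc_id: str) -> Tuple[int, Optional[str]]:
    """Authenticate, then authorize against the specific object being requested."""
    user = authenticate(token)
    if user is None:
        return 401, None
    doc = DOCUMENTS.get(doc_id)
    if doc is None or not authorize_read(user, doc):
        # Same status for "does not exist" and "not yours", so the endpoint
        # cannot be used to enumerate which document IDs are valid.
        return 404, None
    return 200, doc.body


if __name__ == "__main__":
    print(get_document_authn_only("tok-bob", "doc-1"))  # (200, "alice's notes"): leak
    print(get_document("tok-bob", "doc-1"))             # (404, None): denied
```

The object-level check in `authorize_read` is the part most often missing in practice: a framework's login middleware supplies `authenticate` for free, while the per-object decision has to be written for every endpoint that takes an identifier from the client.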

This sub-cluster covers identity and access.

Foundations

- [AuthenticationAndAuthorization](AuthenticationAndAuthorization) — Core concepts; the auth vs. authz distinction

- [ApiSecurityPatterns](ApiSecurityPatterns) — Securing APIs at the auth layer

- [OauthAndOidcDeepDive](OauthAndOidcDeepDive) — The dominant identity protocols

- [GoogleSSO](GoogleSSO) — Google as identity provider; SSO patterns

Adjacent

- [Cloud Security Fundamentals](CloudSecurityFundamentals) — Cloud IAM

- [Network Security Fundamentals](NetworkSecurityFundamentals) — Network-layer access control

- [Web Application Firewalls](WebApplicationFirewalls) — Defense layer

- [Wiki Permission Model Guide](WikiPermissionModelGuide) — Permissions in a specific application