...
- Authentication answers the question "who is the person, and how do I verify that they are who they say they are?" Fedora 4 relies on the web servlet container to answer this question.
- Authorization answers the question "does this person have permission to do what they want to do?" Fedora 4 provides three different ways to answer this question:
  - Simple servlet container authentication. Anyone who has authenticated through the web application container (Tomcat, Jetty, WebSphere, etc.) has permission to do everything – in effect, all authenticated users are superusers.
  - Basic Access Roles authorizations. Authenticated users are mapped onto one or more preconfigured roles; a user's role determines what they have permission to do.
  - XACML authorizations. Policies created using the XACML framework are used to determine what operations are permissible to whom, using user and object resource properties exposed to the XACML engine.
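The practical difference between the three modes, as an added Python sketch that is not Fedora 4 code: the same request is evaluated by each authorizer. The user names, roles, attributes and rule format are constructed for illustration, and the third authorizer is a first-applicable rule list standing in for an XACML engine, not real XACML.

```python
# Simplified model of the three authorization modes. All names are hypothetical;
# this is not Fedora 4 code and the rule list is not real XACML.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Request:
    user: Optional[str]   # principal set by the servlet container; None if unauthenticated
    action: str           # "read", "write" or "delete"
    resource: dict = field(default_factory=dict)  # properties exposed to the policy engine

def container_only(req):
    # Mode 1: authentication is the only check, so every authenticated user is a superuser.
    return req.user is not None

# Mode 2: constructed role table and user-to-role mapping.
ROLE_PERMISSIONS = {"reader": {"read"}, "writer": {"read", "write"},
                    "admin": {"read", "write", "delete"}}
USER_ROLES = {"alice": {"reader"}, "bob": {"writer"}, "carol": {"admin"}}

def role_based(req):
    # The user's preconfigured roles decide which actions are allowed.
    roles = USER_ROLES.get(req.user, set())
    return any(req.action in ROLE_PERMISSIONS[r] for r in roles)

# Mode 3: constructed user attributes and rules over user and resource properties.
USER_ATTRS = {"alice": {"dept": "archives"}, "bob": {"dept": "it"}, "carol": {"dept": "it"}}
POLICY = [
    ("deny", lambda r, u: bool(r.resource.get("embargoed")) and u.get("dept") != "archives"),
    ("permit", lambda r, u: r.action == "read"),
    ("permit", lambda r, u: r.action in {"write", "delete"} and r.resource.get("owner") == r.user),
]

def policy_based(req):
    if req.user is None:
        return False
    attrs = USER_ATTRS.get(req.user, {})
    for effect, applies in POLICY:   # first applicable rule wins
        if applies(req, attrs):
            return effect == "permit"
    return False                     # nothing matched: deny by default

def decide(req):
    # Evaluate one request under all three modes for side-by-side comparison.
    return {"container": container_only(req), "roles": role_based(req),
            "policy": policy_based(req)}
```

A request such as `Request("alice", "delete", {"owner": "bob"})` is permitted only under the container-only mode, which is why that mode suits deployments where every authenticated account is already fully trusted.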
...