BL#4: Authentication - who are you and can you prove it is true?
All possible ways of handling Identity and its primary & temporary proofs.
Hey,
We have talked a lot about Modularity lately, so it is about time for something different. We dig deep and broad into Authentication, which is:
Who are you and can you prove it is true?
Turns out that most software systems must have some kind of identity (account) to perform various actions/requests; it is simply required for many useful features and functionalities.
There are lots of implementations, methods and processes of authentication - all described in the blog post; interestingly, with most of them, a common pattern arises:
- there is an authentication process - of any complexity and number of steps (factors); requiring passwords, codes or keys
- we go through the process - get a session, token or ephemeral secret linked to the proven identity in exchange
- this session, token or ephemeral secret is a Temporary Identity Proof, a proof of proof
We then mostly operate on these temporary proofs - this approach has a number of benefits and there is much more to the matter. Have a read: https://binaryigor.com/authentication-who-are-you-proofs.html
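The pattern from the list above, as an added example that is not part of the original post or the linked article: a password (primary proof) is exchanged for a signed, expiring token (temporary proof), and later requests are checked against the token only. The user store, `SERVER_KEY`, `TOKEN_TTL` and the token layout are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os, time

SERVER_KEY = os.urandom(32)  # assumed: per-process key that signs temporary proofs
TOKEN_TTL = 900              # assumed: temporary proof lifetime in seconds

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

# Constructed user store: username -> (salt, password hash).
SALT = os.urandom(16)
USERS = {"alice": (SALT, hash_password("correct horse battery staple", SALT))}

def sign(payload: bytes) -> bytes:
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)

def authenticate(username, password, now=None):
    """Check the primary proof; return a temporary proof (token) or None."""
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    # Hash even for unknown users so response time does not reveal them.
    candidate = hash_password(password, salt)
    if not hmac.compare_digest(candidate, stored):
        return None
    now = time.time() if now is None else now
    claims = {"sub": username, "exp": int(now) + TOKEN_TTL}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (payload + b"." + sign(payload)).decode()

def verify_token(token, now=None):
    """Return the identity behind a temporary proof, or None if invalid."""
    try:
        payload, sig = token.encode().split(b".")
        # Signature first: claims are parsed only after they are authenticated.
        if not hmac.compare_digest(sign(payload), sig):
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, AttributeError):
        return None
    now = time.time() if now is None else now
    return claims["sub"] if now < claims["exp"] else None
```

The password is handled once, in `authenticate`; everything afterwards sees only a token that expires on its own and can be invalidated without touching the password.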
I plan to write about Authorization as well, but there are also thorough MySQL vs PostgreSQL Performance Tests in the queue - we will see what goes next.
Hope you find it as interesting as I do and see you in the next one!
Igor