[Blog Post] Why OAuth itself is not an Authentication Framework
- Prabath Siriwardena
- Senior Director - Security Architecture - WSO2
Authorization is about what you can do: your capabilities. You could prove your identity at border control by name, by picture, and also by fingerprints and retina, but it's your visa that decides what you can do. To enter the country you need a valid visa that has not expired. A valid visa is not a part of your identity, but a part of what you can do. Also, what you can do inside the country depends on the visa type. What you can do with a B1 or B2 differs from what you can do with an L1 or L2. That is authorization.
Read the full blog post on Prabath's blog.