http://www.duke.edu/~rob/kerberos/authvauth.html

While it's perfectly accurate to call what we do wrt repository perms "authorization," the fact that we shorten it to "auth" is unacceptable because it renders it ambiguous with "authentication." So we really need to be explicit.

This is gonna be a bit of a PITA to do, of course, but we're technically not out of alpha yet, so now is the time.

Comments

sdboyer’s picture

so we don't need this right now, but it is a REALLY important distinction to be better about.