Authentication, Authorization, Accounting, Identity

After reading some posts in recent threads, I was wondering how these concerns are going to be separated on the Safe Network, or if there is already a structured approach toward this at all.

As far as I understand, the four things from the title go like this:

  • Authentication – “this message has the right signature”
  • Authorization – “this request is allowed”
  • Accounting – “this request is paid for”
  • Identity – “this thing belongs to a specific public identifier”

The current conversation makes me feel like authorization and authentication are mixed together quite a bit. For example, a thing called “Authenticator” is supposed to manage not only identities and accounts (which two are not really separated at this level) but also access rights. I’m not saying that’s fully unjustified since accounts are, in a way, just private keys, and they are also used for encryption, which is undeniably a form of access control as it’s used on the Safe Network. However, just because it’s hard to draw a clear line, keeping all these things tangled up sounds messy and sub-optimal, and it may become a problem down the road.

With regard to accounting, I just saw a comment that it is now possible to pay for a request separately from making the request. I think that’s nice but I’m not sure if it was introduced as an independent feature reacting to a specific need, or as a consequence of a more fundamental design decision about separating those concerns.

Identities, while certainly important to human users, are not something the low-level network should have to be concerned about at all (Solid, on a somewhat higher level, will do a great job of dealing with such concerns). However, as I already noted above, it seems authentication and identity are mixed together quite a bit right now.

Disclaimer: I’m not sure how much of what I wrote is actually correct for the Safe Network. I may have missed news or misunderstood things. I wrote it in a “know-it-all” tone not because I know it all but because I didn’t want to make it even longer.