On Tue, Mar 09, 2004 at 01:35:07PM -0600, Gordon Fecyk wrote:
"What *identity* is it that needs to be authorized".
First off I understood the problem statement was about authentication, not
authorization. There's a difference: authentication is who you are or who
you represent, authorization is what you're allowed to do. In SMTP I'd still
want everyone to be allowed to send me mail, I just want to know who they are
or who they represent first.
Exactly, authentication is about who you are (here: IP address),
and authorization is what you're allowed to do (here: use e-mail
address).
But many people use "identity" for the e-mail address.
So my question was whether he was talking about the IP address
or the e-mail address when talking about "identity".
regards
Hadmut