HMAC Authentication
HMAC Authorization
- ACL-type
- Groupings possible (which inherit groups of ACLs)
Permissions based
- Expensive permissions checks are done once, when asking for permission
Permissions only requested when needed for the session
- Saves processing time for simple one-time actions
- Once permission is granted, token is 'upgraded' to include the requested permission
- Frequent permissions checks check only the token, not the ACL table.