by Scaevolus 534 days ago
Authorization can be achieved by authentication with either a preshared key or a key derived using public key cryptography and some PKI.

It's trivial to implement on an open channel, HMAC being a common form. This is how old APIs using HTTP (Flickr, S3) handled authorization despite all communication being cleartext.

Confidentiality and integrity can be achieved with a single authenticated encryption primitive, or done separately with encryption and a hash-based authentication primitive, or exist as one without the other.
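
An added example, not part of the comment above and not the actual Flickr or S3 signing scheme: a generic HMAC-SHA256 request signature with a preshared key, showing how a server can authorize a request sent in cleartext. The key table, the canonical string layout, `MAX_SKEW` and the request fields are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Constructed preshared key table (key id -> secret); sample values only.
KEYS = {"client-1": b"constructed-demo-secret"}
MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)


def canonical(method, path, params, timestamp):
    """Build the exact byte string both sides sign.

    Parameters are sorted and percent-encoded so client and server
    always serialize the same request to the same bytes.
    """
    query = urlencode(sorted(params.items()))
    return "\n".join([method.upper(), path, query, str(timestamp)]).encode()


def sign(key_id, method, path, params, timestamp):
    """Client side: compute the tag that travels with the cleartext request."""
    msg = canonical(method, path, params, timestamp)
    return hmac.new(KEYS[key_id], msg, hashlib.sha256).hexdigest()


def verify(key_id, method, path, params, timestamp, tag, now=None):
    """Server side: recompute the tag and compare in constant time."""
    now = time.time() if now is None else now
    secret = KEYS.get(key_id)
    if secret is None:
        return False  # unknown key id
    if abs(now - timestamp) > MAX_SKEW:
        return False  # stale or future-dated: bounds the replay window
    msg = canonical(method, path, params, timestamp)
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    ts = 1_700_000_000  # constructed timestamp
    params = {"bucket": "photos", "acl": "private"}
    tag = sign("client-1", "PUT", "/object/1", params, ts)
    print(verify("client-1", "PUT", "/object/1", params, ts, tag, now=ts + 10))
    tampered = dict(params, acl="public-read")
    print(verify("client-1", "PUT", "/object/1", tampered, ts, tag, now=ts + 10))
```

The tag covers authenticity and integrity of the signed fields only; everything in the request is still readable on the wire, and a captured request can be replayed inside the skew window unless the server also tracks nonces.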