Skip to main content

The Authorization Gap and the four domains

Objective

Explain the difference between authentication and authorization at runtime, and name the four domains the AI Security Fabric covers.

Concept

Authentication proves who a caller is. It checks credentials and returns an identity: this request comes from user alice, or from a service account, or from an AI agent. That is where most identity systems stop.

Authorization is the next decision: given that identity, what may it do, on which resource, in what context, right now. A valid token does not answer that question. A caller can be perfectly authenticated and still have no business deleting a policy or reading a customer record.

EnforceAuth calls the space between the two "the Authorization Gap." Authentication tells you the identity is real; it does not tell you the action is allowed. The gap is where over-broad access, lateral movement, and confused-deputy problems live, and it widens as non-human identities (service accounts, agents, workloads) outnumber human ones.

EnforceAuth is the AI Security Fabric: decision-centric authorization across four domains.

  1. Applications — what a user or service may do inside an app.
  2. Infrastructure — what an identity may do against cloud and platform resources.
  3. Data — what may be read or written, at the row and record level.
  4. AI workloads — what an agent or model-driven process may do when it acts on someone's behalf.

The unit of work in every domain is the same: an authorization decision. A request arrives, a policy is evaluated against it, and the answer is allow or deny. The lab in this course models exactly that decision for one request.

Hands-on lab

Open ../lab/policy.rego and read the input shape at the top: a subject with a role and department, an action, and a resource with a kind and an owner. That input is the runtime context of a single request. The policy's allow rule is the authorization decision for it.

Run the suite:

git clone https://github.com/EnforceAuth/university-labs.git
cd university-labs
opa test courses/foundations-authorization-gap -v

Confirm you can tell, before running, why a request from an authenticated member in the finance department is still denied when it tries to delete a resource owned by platform. That denial is the Authorization Gap in one line: real identity, disallowed action.

Check for understanding

  1. A request arrives with a valid, unexpired token and asks to delete a record its identity has no right to. Is this an authentication failure or an authorization failure?
  2. Name the four domains the AI Security Fabric authorizes.
  3. In your own words, what is the "Authorization Gap," and why does the number of non-human identities make it larger?