It’s easy to confuse authentication with authorization. The two are frequently used interchangably in conversation and are often tightly associated as key pieces of web service infrastructure. But the two are really two different concepts which often are completely divorced from each other. Authentication is the process where by an individual’s identity is confirmed. Whereas authorization is the association of that identity with rights and permissions.
The build versus buy licensing dilemma is the oldest debate in the industry. After all, managing the licensing of your software is an important aspect of any commercial application, but it is not the core product you are selling.
The build vs. buy debate centers around the balance between providing the features and functionality your customers want in your software, with your need to protect access to your software through licensing systems. Developers approach this strategically and smartly, and prefer to not reinvent the wheel, utilizing libraries, previously written code, and third party services to provide the license scaffolding around the software solution.
As an ISV, moving your application into the Cloud and offering it as a service is no trivial task. How software is supplied and managed for the desktop is very different than as a service. The usage and requirements of network connectivity, scaling, authentication and authorization, as examples, are all subtly different from the Enterprise model.
Once you get past the foundation of how to supply your application as a service, you need to solve the additional problems of authorization and utilization; or “Who has access to what?” and “How much are they using?”