Zend_Auth is used for authenticating users with a variety of authentication methods, including LDAP, OpenID, and HTTP. Authentication is the process of verifying that the provided credentials are valid for the system. By authenticating to your system, your users can prove that they are who they say they are.
Zend_Acl is an implementation of Access Control List (ACL) authorization. Generally speaking, ACLs are lists of roles that are authorized to perform a particular operation on specific resources in your system. Zend_Acl can support advanced rule definitions with features such as multiple inheritance for roles and assertions for conditional rules.
Zend_Auth and Zend_Acl can be used together to build very sophisticated security systems: first the user confirms their identity with Zend_Auth, then this identity is used to assign one or more Zend_Acl roles to the user for authorization to use or modify resources in the system.
Posted in: Zend