Grade 10 English. We learned the W5/6 (Who, What, Why, When, Where, How). Its a common framework to, well, frame something. So i thought, why not apply it to the problem domain at hand: Zero Trust Networking.
Who, Authentication, Identity: This is how we identify a user. We use a first class identity provider that already exists (Azure, Google, Apple, Okta, Auth0, etc). No sense making yet another password. Trust the upstream identity provider.
What, Authorisation. This is what you are allowed to do. Trust the upstream identity provider but verify, control. This is owned by our customer.
How, Access. After I know who you are, and what you are allowed to do, the next step is to make it happen. This is where the magic occurs, we intersect the Who with the What, and them make it transparent.