Accepted
Authentication tells who the user is. Authorization tells what the user can do.
- Simplicity - how easy is it to implement
Merge authentication and authorization into a single service, once separating it adds unnecessary overhead.
- Services can consume the same place for authentication and authorization
- Increase the coupling between authentication and authorization