By using a blockchain, you enable auditing organizations to participate in the authentication process. For instance, I might publish a private message to the blockchain that is an authentication request to resource X. A smart contract would then act on that authentication request, and publish either an ACCEPT or REJECT message. By bringing auditing organizations into the blockchain, every authentication attempt is sent to the auditing organization before access is granted.
The key is that every transaction must be made known to the auditors before it is acted on. By logging to a traditional db, you're at the mercy of the party responsible for sharing out those logs.
a) Assume 3 components: client, server, auditorService
b) How to write to server:
1- client sends DATA to auditorService
2- auditorService signs DATA and returns S(DATA)
3- client writes (DATA, S(DATA)) to server
c) How to read:
1- client reads (DATA, S(DATA)) from server
2- client verifies S(DATA)
3.1- valid? -> continue
3.2- invalid? -> delete DATA from server
There are ways you can configure this to make either of these services have more weight (I made the server weak in this setup), and you can also give read access to everyone if you want it to be public (and only a subset of clients get write access). You don't need a blockchain.
The key is that every transaction must be made known to the auditors before it is acted on. By logging to a traditional db, you're at the mercy of the party responsible for sharing out those logs.