
7.21.2008

Authentication vs Authorization


These are two of the most commonly misused or misunderstood terms in IT. The two mechanisms are normally performed by the same physical hardware and, at times, by the same software. But how does one differ from the other?

Authentication is the mechanism that allows a system to securely identify its users. It is related to questions such as:

- Who is the user?, and
- Is the user really who he says he is?

Authorization, on the other hand, is the mechanism by which a system determines what access level a particular authenticated, logged-in user should have. This mechanism ensures that system users are given access rights and limitations based on their assigned roles on the system. It is related to questions such as:

- Is this user authorized to access this resource?
- Is this user authorized to perform this operation? and
- Is this user authorized to perform this operation on this resource?
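
The separation described above, as an added example that is not part of the original post: a Python sketch in which `authenticate` answers "is the user really who he says he is?" and `authorize` answers "may this user perform this operation on this resource?", with access denied by default. The user names, passwords, roles and the `handle_request` helper are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

# Constructed sample data: users, passwords and roles are hypothetical.
USERS = {
    "alice": _make_user("correct horse", "editor"),
    "bob": _make_user("battery staple", "viewer"),
}
# role -> set of (operation, resource) pairs that role may perform
ROLE_PERMISSIONS = {
    "editor": {("read", "report"), ("write", "report")},
    "viewer": {("read", "report")},
}

def authenticate(username, password):
    """Authentication: return the verified user name, or None."""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so unknown users take about as long as known ones.
        _hash(password, b"\x00" * 16)
        return None
    candidate = _hash(password, record["salt"])
    return username if hmac.compare_digest(candidate, record["hash"]) else None

def authorize(username, operation, resource):
    """Authorization: role-based check, denying anything not explicitly granted."""
    record = USERS.get(username)
    if record is None:
        return False
    return (operation, resource) in ROLE_PERMISSIONS.get(record["role"], set())

def handle_request(username, password, operation, resource):
    # Identity is established first; the access decision uses only that identity.
    identity = authenticate(username, password)
    if identity is None:
        return "unauthenticated"
    if not authorize(identity, operation, resource):
        return "forbidden"
    return "allowed"
```

A correctly authenticated user can still be refused: `bob` logs in successfully but is not authorized to write the report.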
