what is the difference between authorization and authentication?

November 9th, 2010

admin Security , , ,

  1. Mickey D
    November 9th, 2010 at 20:02 | #1

    The difference is large, very large. Authentication can be part of any authorization, if you are thinking of a particular kind of authorization (distance, elecronically, etc.). But merely to authenticate something is not necessarily to authorize anything at all. You may not be authorized to enter a movie theatre unless you pay. In order to pay, you have to give money that is authentic. It may be authenticated by a glance, but that is not the same as authorization which occurs when someone lets you in the place.

    Authentication means to assert that something is genuine (such as your money, your credit card, your password).

    Authorization means you have been given a power to do somethig, like enter or use something. As stated above, authentication may be a part of authorization (or it may not). But authorization is not a part of authentication at all.

  2. Boy
    November 9th, 2010 at 20:26 | #2

    Authentication is making sure that a user is recognized by the system.

    Authorization is enforcing which rights or resources the user has access to, once authenticated.

  1. No trackbacks yet.