Is there a difference between authentication and authorization?

Question

I see these two terms bandied about quite a bit (specifically in web-based scenarios but I suppose it\'s not limited to that) and I was wondering whether or not there was a

Answer 1

Compared to the rest of the responses which try to explicitly specify the definition or technology. I'll submit an example can be more valuable.

Here's some an article that makes a great analogy to a passport versus a lock and key

When speaking about authentication (also called AuthN), think about identity. Authentication tries to answer “is this person who they say they are?” It’s a software equivalent of a passport or national ID check. Or to put it in more realistic terms, authentication is a similar process to that moment when you look at another person’s face to recognize that this is your friend from college and not your annoying second floor neighbor.

On the other hand, authorization (also called AuthZ) is all about permissions. Authorization answers a question “what is this person allowed to do in this space?” You can think of it as your house key or office badge. Can you open your front door? Can your annoying neighbor enter your apartment at will? And more, once in your apartment, who can use the toilet? Who can eat from your secret stash of cookies tucked away in your kitchen cupboard?