Is there a difference between authentication and authorization?

Question

I see these two terms bandied about quite a bit (specifically in web-based scenarios but I suppose it\'s not limited to that) and I was wondering whether or not there was a

Answer 1

Compared to the rest of the responses which try to explicitly specify the definition or technology. I'll submit an example can be more valuable.

Here's some an article that makes a great analogy to a passport versus a lock and key

When speaking about authentication (also called AuthN), think about identity. Authentication tries to answer “is this person who they say they are?” It’s a software equivalent of a passport or national ID check. Or to put it in more realistic terms, authentication is a similar process to that moment when you look at another person’s face to recognize that this is your friend from college and not your annoying second floor neighbor.

On the other hand, authorization (also called AuthZ) is all about permissions. Authorization answers a question “what is this person allowed to do in this space?” You can think of it as your house key or office badge. Can you open your front door? Can your annoying neighbor enter your apartment at will? And more, once in your apartment, who can use the toilet? Who can eat from your secret stash of cookies tucked away in your kitchen cupboard?

Answer 2

Authentication verifies who you are and Authorization verifies what you are authorized to do. For example, you are allowed to login into your Unix server via ssh client, but you are not authorized to browser /data2 or any other file system. Authorization occurs after successful authentication........

Answer 3

Authentication

Authentication verifies who you are. For example, you can login into your server using the ssh client, or access your email server using the POP3 and SMTP client.

Authorization

Authorization verifies what you are authorized to do. For example, you are allowed to login into your server via ssh client, but you are not authorized to browser /data2 or any other file system. Authorization occurs after successful authentication.

Answer 4

Simple real time example, If student is coming to school then principal is checking Authentication and Authorization. Authentication: Check student ID card it mean He or She belong to our school or not. Authorization: Check student have permission to sit in Computer Programming Lab or not.

Answer 5

Authentication: An application needs to know who is accessing the application. So authentication is related to word who. Application will check it by a login form. User will enter user name and password and these inputs will be validated by the application. Once the validation is successful, user is declared as authenticated.

Authorization is to check whether user can access the application or not or what user can access and what user can not access. Source: Authentcation Vs Authorization

Answer 6

Authentication:

Authentication is the process of verifying the identity of a user by obtaining some sort of credentials and using those credentials to verify the user's identity. If the credentials are valid, the authorization process starts. Authentication process always proceeds to Authorization process.

Authorization:

Authorization is the process of allowing an authenticated users to access the resources by checking whether the user has access rights to the system. Authorization helps you to control access rights by granting or denying specific permissions to an authenticated user.