Authentication vs Authorization

I use to always find these two words confusing. Never use to understand the difference between both and actually both sounded like same with similar meaning. Actually they are not.

Authentication (AuthC) is the process of identifying the authenticity of a user. Is he really the same person he claims to be or he is hiding behind a mask of someone else.

Example: If you have ever been to a convention center (Ex. RSA, Cisco Live etc.) you will first go to the front desk were they will ask you for your name and company ID and also will request you to accompany with a Driver’s License. Now they are trying to Authenticate whether the company badge and the Driver’s License belongs to the same person.

AuthoriZation (AuthZ) is the process of assigning permission or restrictions, in other words what level of access to secure assets or location.

Example: Once your ID is checked at the front desk of the convention center and you are authenticated, a badge (tag) is given to you which might say Guest, Exhibitor or Owner etc. Based on what Authorization or access level you are granted, you can access certain levels and rooms in the convention center.

I hope this clarifies.

Leave a Reply

Your email address will not be published. Required fields are marked *
You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>