Home / Unlabelled / Authentication & Authorization

Authentication & Authorization

April 10, 2019
Authorization

Authorization, on the other hand, occurs after your identity is successfully authenticated by the system, which ultimately gives you full permission to access the resources such as information, files, databases, funds, locations, almost anything. In simple terms, authorization determines your ability to access the system and up to what extent.

Once your identity is verified by the system after successful authentication, you are then authorized to access the resources of the system.

Authorization is the process to determine whether the authenticated user has access to the particular resources. It verifies your rights to grant you access to resources such as information, databases, files, etc. Authorization usually comes after authentication which confirms your privileges to perform. In simple terms, it’s like giving someone official permission to do something or anything.

For example, the process of verifying and confirming employees ID and passwords in an organization is called authentication, but determining which employee has access to which floor is called authorization.
 Let’s say you are traveling and you’re about to board a flight. When you show your ticket and some identification before checking in, you receive a boarding pass which confirms that the airport authority has authenticated your identity. But that’s not it. A flight attendant must authorize you to board the flight you’re supposed to be flying on, allowing you access to the inside of the plane and its resources.

Access to a system is protected by both authentication and authorization. Any attempt to access the system might be authenticated by entering valid credentials, but it can only be accepted after successful authorization. If the attempt is authenticated but not authorized, the system will deny access to the system.

Authentication Authorization
Authentication confirms your identity to grant access to the system. Authorization determines whether you are authorized to access the resources.
It is the process of validating user credentials to gain user access. It is the process of verifying whether access is allowed or not.
It determines whether user is what he claims to be. It determines what user can and cannot access.
Authentication usually requires a username and a password. Authentication factors required for authorization may vary, depending on the security level.
Authentication is the first step of authorization so always comes first. Authorization is done after successful authentication.
For example, students of a particular university are required to authenticate themselves before accessing the student link of the university’s official website. This is called authentication. For example, authorization determines exactly what information the students are authorized to access on the university website after successful authentication.

No comments

Subscribe to: Post Comments ( Atom )