Friday, March 18, 2011

Authentication vs. Authorization

I was asked this question at one of my job interviews. So I decided to look it up and settle it once and for all.

Authentication is the mechanism by which a system securely identifies its users. Basically, the system asks:

* Who is the user?
* Is the user really who he/she represents himself to be?

The answers to these questions are based on unique information known only to the user and the system. Examples include a password, a fingerprint, a retinal scan, etc.

Authorization is the mechanism by which the system determines the level of access to grant an authenticated user. In a nutshell, the system asks:

* Is user X authorized to access resource R?
* Is user X authorized to perform operation P?
* Is user X authorized to perform operation P on resource R?
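The two checks as separate steps, in an added example that is not part of the original post: authentication answers "who is the user?", and only then does authorization answer "may user X perform operation P on resource R?". The user names, passwords, policy table and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this demo

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password):
    salt = os.urandom(16)  # per-user random salt
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed sample accounts (the "unique information" is the password).
USERS = {"alice": make_user("correct horse"), "bob": make_user("hunter2!")}

# Constructed policy: (user X, resource R) -> allowed operations P.
POLICY = {
    ("alice", "payroll_db"): {"read", "write"},
    ("bob", "payroll_db"): {"read"},
}

_DUMMY = make_user("dummy")  # hashed against when the username is unknown

def authenticate(username, password):
    """Who is the user, and are they who they claim to be?"""
    record = USERS.get(username, _DUMMY)  # same work whether or not the name exists
    candidate = hash_password(password, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    return username if ok and username in USERS else None

def authorize(user, operation, resource):
    """Is user X authorized to perform operation P on resource R? Default deny."""
    return operation in POLICY.get((user, resource), set())

def handle_request(username, password, operation, resource):
    user = authenticate(username, password)
    if user is None:
        return 401  # not authenticated: identity was never established
    if not authorize(user, operation, resource):
        return 403  # authenticated, but not authorized for this action
    return 200

if __name__ == "__main__":
    print(handle_request("alice", "correct horse", "write", "payroll_db"))
    print(handle_request("bob", "hunter2!", "write", "payroll_db"))
    print(handle_request("bob", "wrong", "read", "payroll_db"))
```

Bob's second request shows the distinction: his identity is proven, yet the write is refused because the policy grants him only read access.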

1 comment:

  1. Authentication proves you are who you say you are; authorization grants level of access into the system. Important in DB management...

    Owner stopped updating. Stopped learning new programming skills?

    This was useful...
