Showing posts with label Authentication. Show all posts
Showing posts with label Authentication. Show all posts

Thursday, 20 August 2020

Authentication versus Authorization

Two fundamental concepts that need to be understood when talking about identity and access are authentication and authorization. They underpin everything else that happens and occur sequentially in any identity and access process:

Authentication - Authentication is the process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials and provides the basis for creating a security principal for identity and access control use. It establishes if they are who they say they are.

Authorization - Authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they're allowed to access and what they can do with it.

Authentication is sometimes shortened to AuthN, and authorization is sometimes shortened to AuthZ.


Authentication
Authentication



Authorization
Authorization