What Is Authentication?
•Authentication is the process of verifying someone's identity by confirming that the person is who they
claim to be.
•It is used by both server and client. The server uses authentication when someone wants to access
information and the server needs to know who is accessing it. The client uses it when it
wants to confirm that the server is the one it claims to be.
•Authentication by the server is mostly done using a username and password. The server can also
authenticate using cards, retina scans, voice recognition, and fingerprints.
•Authentication does not determine what tasks a person can perform in a process, or what files they can view, read,
or update. It only identifies who the person or system actually is.
What Is Authorization?
•Authorization is the process of granting someone permission to do something. It is a way to check whether the user has
permission to use a resource or not.
•It defines what data and information a user can access. It is also referred to as AuthZ.
•Authorization usually works together with authentication so that the system knows who is accessing the
information.
•Authorization is not always necessary to access information available over the internet. Some data available
over the internet can be accessed without any authorization.
| Authentication | Authorization |
|---|---|
| Authentication is the process of identifying a user to provide access to a system. | Authorization is the process of giving permission to access the resources. |
| In this, the user or client and server are verified. | In this, it is verified whether the user is allowed through the defined policies and rules. |
| It is usually performed before the authorization. | It is usually done once the user is successfully authenticated. |
| It requires the login details of the user, such as user name & password, etc. | It requires the user's privilege or security level. |
| Data is provided through the Token IDs. | Data is provided through the access tokens. |
| Example: Entering login details is necessary for the employees to authenticate themselves to access the organizational emails or software. | Example: After employees successfully authenticate themselves, they can access and work on certain functions only as per their roles and profiles. |
| Authentication credentials can be partially changed by the user as per the requirement. | Authorization permissions cannot be changed by the user. The permissions are given to a user by the owner/manager of the system, and only he can change them. |
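
The separation described above, as an added example that is not part of the original page: a request is first authenticated (who is this?) and only then authorized (may this role use the resource?), while public resources skip both steps. The user store, roles, resource paths, passwords and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption for this example
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample data: credentials answer "who are you?", roles feed the policy
USERS = {"alice": _user("correct horse", "manager"),
         "bob": _user("hunter2-sample", "employee")}
PUBLIC = {"/public/news"}                      # no authentication or authorization
POLICY = {"/mail": {"employee", "manager"},    # resource -> roles allowed to use it
          "/payroll": {"manager"}}
_DUMMY = _user("", "none")                     # hashed for unknown users so timing stays similar

def authenticate(username, password):
    """Return the verified username, or None if the credentials do not match."""
    if username is None or password is None:
        return None
    user = USERS.get(username)
    record = user or _DUMMY
    ok = hmac.compare_digest(hash_password(password, record["salt"]), record["hash"])
    return username if (user is not None and ok) else None

def authorize(username, resource):
    """Check an already-authenticated user against the policy; unknown resources are denied."""
    allowed = POLICY.get(resource, set())
    return USERS[username]["role"] in allowed

def handle_request(resource, username=None, password=None):
    """Return an HTTP-style status: 200 allowed, 401 not authenticated, 403 not authorized."""
    if resource in PUBLIC:
        return 200
    identity = authenticate(username, password)
    if identity is None:
        return 401   # identity not established, so authorization is never reached
    if not authorize(identity, resource):
        return 403   # identity is known, but the role lacks permission
    return 200

if __name__ == "__main__":
    for args in [("/public/news",), ("/mail", "bob", "wrong"),
                 ("/payroll", "bob", "hunter2-sample"),
                 ("/payroll", "alice", "correct horse")]:
        print(args[0], args[1:2], handle_request(*args))
```

The 401 and 403 results map onto the two columns of the table: 401 is an authentication failure, 403 is an authorization failure for a user whose identity was verified.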