Authentication Vs Authorization

Authentication is the process of verifying the identity of a user or system, while authorization determines what permissions those authenticated entities have. Authentication must occur before authorization, and both processes are essential for secure systems. Real-world examples include logging into websites and accessing features or services based on permissions.

Uploaded by

Esraa odat

Authentication vs. Authorization

Understanding the Differences and Workflow

Definitions
• Authentication:
  - Verifying identity of a user or system.
  - Examples: passwords, biometrics, tokens.

• Authorization:
  - Granting permissions for authenticated entities.
  - Examples: access control, permissions, roles.

Key Differences
1. Purpose:
  - Authentication: Who are you?
  - Authorization: What can you do?

2. Sequence:
  - Authentication precedes authorization.

3. Methods:
  - AuthN: Passwords, OTP, biometric scans.

Authentication → Authorization Workflow
1. User submits credentials.
2. System verifies identity (AuthN).
3. System checks permissions (AuthZ).
4. Access granted or denied based on permissions.

Real-World Examples
• Logging into a website (AuthN) → Accessing dashboard features (AuthZ).
• ATM: PIN entry (AuthN) → Withdrawal limit checks (AuthZ).
• Enterprise: SSO (AuthN) → File share permissions (AuthZ).

Summary
• Authentication and Authorization are distinct but complementary.
• Always authenticate first, then authorize.
• Strong implementation of both is crucial for secure systems.
