When we hear the words "authentication" and "authorization," we think of the simple definitions for each. With authentication, we assume that it means to prove that something is real, such as demonstrating the authenticity of rare coins. With authorization, we assume that it means to give someone permission to perform an action or to use something. But what do authentication and authorization mean in the technological world? Something quite similar.
Authentication in terms of technology means proving that you, the user, are in fact who you claim to be. It's a verification of your identity. As a user, you provide authentication by supplying a program, network or website with very specific credentials assigned to you. In most cases, these credentials include a user name and a password. Sometimes they may include your Social Security number or an employer-assigned ID number.
Authorization is the process that either grants you the right to use resources or denies you that privilege. If you are allowed to use a service such as a network workstation, then you have authorization. As long as the network administrator has set the access controls to allow you in, you can use the files, services, printers and other resources shared on the network.
Uses of Authentication
Authentication technologies are commonly used to ensure that you are a human being and not a computer program, such as a script or virus. Websites often do this with a "captcha" -- an image of distorted letters or numbers that can be deciphered by the human eye but not by a computer. A captcha requires you to re-enter the generated code to gain access or submit a form.
Uses of Authorization
Authorization is a security measure used in network design to prevent users from gaining information, files or resources that are beyond their security clearance. It also prevents outsiders from gaining access to the network. All users on a network are assigned an IP address designated for their workstation. If a computer tries to access the network from an address not linked to authorized users, access is denied.
How They Work Together
Authentication and authorization work well together within a network design. First, you are authenticated by providing a user name and password. Once you are logged in, the network determines what permissions you have been granted and allows you to open files or use services according to your authorization.
- Photo Credit Image by Flickr.com, courtesy of Rudolf Schuba
What Is the Difference Between Preauthorization & Pre Certification Insurance?
The growth of health-maintenance organizations as a primary payer of covered health services has introduced the ideas of pre-authorization and pre-certification into...
Authentication Vs. Validation
Authentication and validation are common Internet terms, and they sound as if they might mean similar things, but they do not. Authentication...
Differences Between a Work Permit and a Work Visa
Both a work permit and a work visa give you the right to work in the country for which you hold the...