The main difference between authentication and authorization is that the authentication is the process of checking a user’s details to identify him and grant access to the system while the authorization is the process of checking the authenticated user’s privileges or permissions to access the resources of the system.
Information security is essential for almost all automated systems. Authentication and authorization are two mechanisms used in these systems to secure information. Authentication is used to identify a particular user in order to let him access a system. After authenticating the user to the system, authorization provides the necessary limits and accesses the user has. These policies are defined in a firewall or an Access Control List on a file server. Authorization applies only to authenticated users.
Key Areas Covered
1. What is Authentication
– Definition, Functionality
2. What is Authorization
– Definition, Functionality
3. Difference Between Authentication and Authorization
– Comparison of Key Differences
Key Terms
Authentication, Authorization, System Security
What is Authentication
Authentication is the process of proving the identity of the user. Authentication is an essential mechanism when using a particular system. It is difficult to identify a user without proper authentication. The system can ask for the combination of username and password. This set of information is particular to a certain user as this information only belongs to that user. He can access the system only after providing the correct username and password.
Some systems use different authentication types such as biometric authentication. These systems use face recognition, eye recognition, fingerprint recognition using technologies such as neural networks and computer vision for authentication. Overall, authentication helps to protect crucial and sensitive details.
What is Authorization
Authorization happens after the authentication process is completed. Authorization determines the permissions granted to an authenticated user. It checks whether the user has access to resources or not. These resources can be filers, directories, or something to access via the internet.
The users receive access through an Access List. There are three types of access lists: Dictionary Access Control (DAC), Role-Based Access Control (RBAC) and Mandatory Access Control (MAC). In Dictionary Access Control, the owner of the resource has complete control of who might have access to the resources. In Role-Based Access Control, the administrator provides access based on the role of the user. For example, Windows use groups to provide role-based access control. Mandatory Access Control is used in government organizations. It provides access based on security clearance level. Overall, authorization ensures that only authorized rights are provided to authenticated users.
Difference Between Authentication and Authorization
Definition
Authentication is the process of confirming the truth of an attribute of a single piece of data claimed true by an entity. Authorization is the process of specifying access rights/ privileges to resources related to information security.
Main Focus
The authentication checks a person’s details to identify him while the authorization checks a user’s privileges to access resources.
Main Process
Authentication verifies user’s credentials while authorization validates user’s permissions.
Order of proceeding
The authentication occurs first, and the authorization occurs after authentication.
Applications
A student can authenticate himself before accessing the Learning Management System of a University. He can access lecture slides and other learning material of the courses based on the permissions given to him.
Conclusion
Authentication and authorization are two mechanisms to secure information of the system. The difference between authentication and authorization is that the authentication is the process of checking user’s details to identify him to grant access to the system while the authorization is the process of checking the authenticated user’s privileges or permissions to access the resources of the system.
Reference:
1.Identification, Authentication, and Authorization – CompTIA Security SY0-401: 5.2, Professor Messer, 18 Sept. 2014, Available here.
2. Authorization and Access Control – CompTIA Security SY0-401: 5.2, Professor Messer, 18 Sept. 2014, Available here.
Image Courtesy:
1. “570317” (CC0) via Pixabay
Leave a Reply