Confuse or not confuse: Identification, Authentication and Authorization

These three similar-looking words are always confused. That has reasonable roots, because they are all related to providing access to some system or resource. It is fine to confuse them if you are discussing the best shovel shape. But when you start talking about anything related to IT systems, applications or websites, it is worth knowing the difference.

No worries, it is not rocket science. The only thing we need to do is break the login process down into steps.

1. "Tell me your name, ..."

First, you come to a PC, terminal, ATM or website and present yourself. You tell that machine your name and some secret. The first check that happens is validating that such a user exists, i.e. user identification.

Your identity was presented. Your password has not been verified yet. You are not allowed to enter. You have no access to anything.

2. "... confirm that it is you ..."

Second, the machine knows who you are claiming to be, but needs verification that it is really you. It's time to use the secret. Many things can serve as the secret here. Examples are a password, a palm scan or an application response code. These are examples of "something you know", "something you are" and "something you have" respectively. They are all different kinds of authentication. Tip: combine any two from two different groups, and you get two-factor authentication.

Your identity was presented and verified by means, say, of a password. You are allowed to enter, but you have NO access to anything.

3. "... and I will give you access to what you are allowed to have access."

It is easy to mix up authentication with authorization. It is natural to think they happen together, at the same time. But in fact, they do not. In all systems, these are two different processes, two separate modules.

Once you are authenticated, the system has no doubt that you are you, but every time you access a new page or choose a menu, your rights are checked. That is authorization, and it happens many times during one session.

Equipped with this knowledge, you can shine at the next meeting.
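The three steps as separate functions, in an added Python example that is not part of the original article. The user names, passwords, permission strings and the in-memory USERS and SESSIONS stores are constructed for illustration.

```python
import hashlib, hmac, os, secrets

# Constructed sample data: user names, passwords and permissions are made up.
def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password, permissions):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "permissions": set(permissions)}

USERS = {
    "alice": _make_user("correct horse", {"reports:read", "reports:write"}),
    "bob": _make_user("battery staple", {"reports:read"}),
}
SESSIONS = {}  # session token -> user name

def identify(username):
    """Step 1: does the claimed identity exist? Grants nothing."""
    return USERS.get(username)

def authenticate(record, password):
    """Step 2: verify the secret ("something you know") in constant time."""
    return hmac.compare_digest(record["hash"], _hash(password, record["salt"]))

def login(username, password):
    """Runs steps 1 and 2; returns a session token, or None on any failure.
    Unknown user and wrong password give the same answer, so the caller
    cannot tell which names exist."""
    record = identify(username)
    if record is None or not authenticate(record, password):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token

def authorize(token, permission):
    """Step 3: checked on every request, many times per session."""
    username = SESSIONS.get(token)
    return username is not None and permission in USERS[username]["permissions"]

if __name__ == "__main__":
    t = login("bob", "battery staple")
    print(authorize(t, "reports:read"), authorize(t, "reports:write"))
```

Bob is identified and authenticated once, yet each later call to authorize() can still refuse him: holding a valid session does not imply any particular right.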


Follow me on LinkedIn, www.abocharnikov.com, Twitter, Telegram and Facebook.
