Beyond the borders of sanity

Authentication vs. Authorization

I'm writing this post for my own reference, because I always tend to forget


Authentication is the means of ensuring that a user is he who claims to be. Most common means of authentication is "login" system.


Authorization answers the question "Can the user perform foo action on my system" ? Based on the answer, we either perform or reject the action. So authorization ensures that a user is allowed to perform an action on the system ... So a user authenticates himself, then based on that , we may decide the actions he may or may not perform (Authorization) More information here. Cheers

← Back

The people have spoken

comments powered by Disqus