
Sunday, July 22, 2012

What is the difference between authentication and authorization?

This article covers two very important topics of the cyber world: authentication and authorization. We also discuss the difference between the two terms, which have a direct link to our security on the World Wide Web and other networks.

Concept of Authentication

"Authentication involves the act of the confirmation of the truth regarding all the attributes of some entity or datum under the question". 

The authentication process is also linked up with the confirmation of the identity regarding the following aspects:
  1. Confirmation of a person’s or software system’s or program’s identity.
  2. Tracing of the origins of some artifacts.
  3. Ensuring that the product is actually what its labelling and packaging claim it to be.
There are three types of authentication methods which we have discussed below:
  1. The first type: It involves accepting proof of identity given by a credible person who can provide evidence of the identity, or of the originator and the object in question.
  2. The second type: It involves a comparison between the attributes of the object itself and what is known about objects of the same origin. Authentication of this type is quite vulnerable to forgery and calls for expert knowledge.
  3. The third type: It involves authentication on the basis of the external affirmations like documentation. 
The three factors that need to be verified in authentication are:
  1. Ownership factors
  2. Knowledge factors
  3. Inherence factors

Concept of Authorization

- The process of authorization involves the act of the specification of the access rights to the resources.
- These are the resources that are involved with the computer security or information security in general.
- In particular, these resources relate to access control for the security system and other desired information.
- To say it simply, authorization is the process of providing a definition for the access policy. 
- While the system is in operation, it makes use of the access control rules for making decisions regarding the rejection or approval of the access requests from the authenticated users or consumers. 
- Resources can be anything like:
  1. Individual files
  2. Data items
  3. Computer devices
  4. Computer programs
  5. Functionality of the computer applications and so on.
- Consumers may be either computer users or computer programs or other devices on the system. 
- The access control process that is performed during the authorization involves two main phases as mentioned below:
  1. Phase 1: This phase is known as the policy definition phase and involves authorization of the access.
  2. Phase 2: This phase is known as the policy enforcement phase and involves acceptance or rejection of the access requests.

Differences between Authentication and Authorization

  1. Verification of your identity: Verifying who you are is called authentication, whereas verifying what you are authorized to do is called authorization. This is the simplest difference between the two similar-sounding processes. Both processes are carried out whenever a connection attempt is made, and whether the attempt is allowed or rejected is decided on the basis of these two factors only.
  2. The basic goal of the authentication process is to verify whether or not you are who you claim to be. The goal of authorization, on the other hand, is to set the access scope of the user who has been authenticated in the previous process.
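
The following sketch is an added example, not part of the original article. It shows a connection attempt passing through authentication (a knowledge factor) and then through the two authorization phases described above: policy definition and policy enforcement. The user names, passwords, resource name and rights are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample data: users, passwords, resources and rights are hypothetical.

def _derive(password: str, salt: bytes) -> bytes:
    # Slow salted hash so that stored verifiers are costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "verifier": _derive(password, salt)}

USERS = {"alice": make_user("correct horse"), "bob": make_user("battery staple")}

# Phase 1, policy definition: which consumer may do what to which resource.
POLICY = {
    ("alice", "payroll.csv"): {"read", "write"},
    ("bob", "payroll.csv"): {"read"},
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: verify a knowledge factor (are you who you claim to be?)."""
    user = USERS.get(username)
    if user is None:
        # Do the same work for unknown users to avoid an obvious timing difference.
        _derive(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_derive(password, user["salt"]), user["verifier"])

def authorize(username: str, resource: str, action: str) -> bool:
    """Phase 2, policy enforcement: deny unless the policy grants the action."""
    return action in POLICY.get((username, resource), set())

def handle_request(username: str, password: str, resource: str, action: str) -> str:
    # Authorization is only evaluated for a consumer that has been authenticated.
    if not authenticate(username, password):
        return "rejected: authentication failed"
    if not authorize(username, resource, action):
        return "rejected: not authorized"
    return "allowed"

if __name__ == "__main__":
    print(handle_request("bob", "battery staple", "payroll.csv", "write"))
```

Here bob proves his identity correctly but is still rejected for a write, because the policy only grants him read access.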
