Authentication vs Authorization

The problem of authorization is often thought to be identical to that of authentication; many widely adopted standard security protocols, obligatory regulations, and even statutes are based on this assumption.

However, more precise usage describes authentication as the process of verifying a claim made by a subject that it should be treated as acting on behalf of a given principal (person, computer, smart card, etc.), while authorization is the process of verifying that an authenticated subject has the authority to perform a certain operation. Authentication, therefore, must precede authorization.

For example, when you show proper identification to a bank teller, you could be authenticated by the teller as acting on behalf of a particular account holder, and you would be authorized to access information about the accounts of that account holder. You would not be authorized to access the accounts of other account holders.

Since authorization cannot occur without authentication, the former term is sometimes used to mean the combination of authentication and authorization.
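The bank-teller example above, written as an added sketch that is not part of the original page: authentication verifies the identification and yields a principal, and only then does authorization check that principal against the specific account. The key, account IDs, holder names and the HMAC token scheme are all constructed assumptions for illustration.

```python
import hashlib
import hmac

# Constructed sample data: key, account IDs, holders and balances are hypothetical.
SERVER_KEY = b"constructed-demo-key"
ACCOUNTS = {"acct-100": {"owner": "alice", "balance": 250},
            "acct-200": {"owner": "bob", "balance": 990}}


class AuthenticationError(Exception):
    """The subject's claim to act for a principal could not be verified."""


class AuthorizationError(Exception):
    """The authenticated principal lacks authority for the operation."""


def _tag(principal: str) -> str:
    return hmac.new(SERVER_KEY, principal.encode(), hashlib.sha256).hexdigest()


def issue_token(principal: str) -> str:
    """Stand-in for the bank issuing identification to an account holder."""
    return f"{principal}.{_tag(principal)}"


def authenticate(token: str) -> str:
    """Verify the claim and return the principal the subject acts for."""
    principal, _, tag = token.rpartition(".")
    # Constant-time comparison; a token without a principal is rejected outright.
    if not principal or not hmac.compare_digest(tag.encode(), _tag(principal).encode()):
        raise AuthenticationError("identification rejected")
    return principal


def authorize(principal: str, account_id: str) -> None:
    """Check that the authenticated principal may read this account."""
    account = ACCOUNTS.get(account_id)
    if account is None or account["owner"] != principal:
        raise AuthorizationError(f"{principal} may not access {account_id}")


def read_balance(token: str, account_id: str) -> int:
    principal = authenticate(token)   # step 1: on whose behalf is the subject acting?
    authorize(principal, account_id)  # step 2: may that principal do this?
    return ACCOUNTS[account_id]["balance"]
```

The two failure modes stay distinct: a rejected identification raises `AuthenticationError` before any account is consulted, while a valid holder asking for someone else's account raises `AuthorizationError`.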


Latest page update: made by gcraigburton, Apr 24 2009, 9:05 AM EDT

