Difference Between Authentication and Authorization

The authentication and authorization are used in respect of information security which enables the security on an automated information system. The terminologies are interchangeably used but are distinct. The identity of a person is assured by authentication. On the other hand, authorization checks the access list that the authenticated person has. In other words, the authorization includes the permissions that a person has given.

Content: Authentication Vs Authorization

1. Comparison Chart
2. Definition
3. Key Differences
4. Conclusion

Comparison Chart

Basis for comparison	Authentication	Authorization
Basic	Checks the person's identity to grant access to the system.	Checks the person's privileges or permissions to access the resources.
Includes process of	Verifying user credentials.	Validating the user permissions.
Order of the process	Authentication is performed at the very first step.	Authorization is usually performed after authentication.
Examples	In the online banking applications, the identity of the person is first determined with the help of the user ID and password.	In a multi-user system, the administrator decides what privileges or access rights do each user have.

Definition of Authentication

Authentication mechanism determines the user’s identity before revealing the sensitive information. It is very crucial for the system or interfaces where the user’s priority is to protect the confidential information. In the process, the user makes a provable claim about individual identity (his or her) or an entity’s identity.

The credentials or claim could be a username, password, fingerprint etc. The authentication and non-repudiation, kind of issues are handled in the application layer. The inefficient authentication mechanism could significantly affect the availability of the service.

Example :

For example, there is a sender A sending an electronic document to the receiver B over the internet. How does the system will identify that the sender A has sent a message dedicated to the receiver B. An intruder C may intercept, modify and replay the document in order trick or steal the information this type of attack is called fabrication.

In the given situation authentication mechanism ensures two things; first, it ensures that the sender and receiver are righteous people and it’s known as data-origin authentication. Secondly, it ensures the security of the established connection between sender and receiver with the help of secret session key so that it could not be inferred and it is known as peer entity authentication.

Definition of Authorization

Authorization technique is used to determine the permissions that are granted to an authenticated user. In simple words, it checks whether the user is permitted to access the particular resources or not. Authorization occurs after authentication, where the user’s identity is assured prior then the access list for the user is determined by looking up the entries stored in the tables and databases.

Example :

For example, a user X wants to access a particular file from the server. The user will send a request to the server. The server will verify the user identity. Then, it finds the corresponding privileges the authenticated user have or whether he/she is allowed to access that particular file or not. In the following case, the access rights could include viewing, modifying or deleting the file if the user has authority to perform the following operations.

Conclusion

The authentication and authorization are the security measures taken in order to protect the data in the information system. Authentication is the process of verifying the person’s identity approaching the system. On the other hand, Authorization is the process of checking the privileges or access list for which the person is authorized.