Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
What is the comparison between Authentication and Authorization in Information Security?
Authentication
Authentication is the procedure of providing that an individual is the person that they claim to be. This contains matching a person’s claimed identity asserted through a credential (such as an ID card or unique ID number) against one or more authentication factors that are destined to that credential.
Authentication is about validating the credentials such as User Name/User ID and password to verify the identity. The system decides whether it can what it can say and it is using the credentials.
In public and private networks, the system authenticates the user identity through login passwords. Authentication is usually completed by a username and password, and sometimes in conjunction with factors of authentication, which define the several ways to be authenticated.
Authentication factors decide the several elements the system use to verify one’s identity prior to permitting that and it can access to anything from accessing a document to requesting a bank transaction.
Authorization
Authorization is a security structure can determine user/client privileges or access levels related to system resources, such as computer programs, files, services, information and application features.
An authorization policy indicates what the identity is enabled to do. For instance, any customer of a bank can make and use an identity (such as user name) to log into that bank's online service but the bank's authorization policy should provide that only it can authorized to access the individual account online once the identity is verified.
Authorization can be used to more granular method than simply a website or company intranet. An individual identity can be contained in a set of identities that share a common authorization policy.
For example, suppose a database that include both customer buy and a customer's personal and credit card data.
A merchant can make an authorization policy for this database to enable a marketing team access to all customer purchases but avoid access to all customer personal and credit card data, therefore that the marketing team can identify famous products to promote or put on sale.
Let us see the comparison between Authentication and Authorization.
Authentication | Authorization |
|---|---|
| Authentication is the procedure of
recognizing a user to support access to a
system. | Authorization is the procedure of
providing permission to access the
resources. |
| It decides whether user is what it can
claims to be. | It decides what user can and cannot
access. |
| Authentication credentials can be
partially modified by the user according
to the requirement. | Authorization permissions cannot be
modified by the user. The permissions
are likely to a user by the
owner/manager of the system, and it
can only change it. |
| Authentication generally needed a Authentication factors needed for
username and a password. | authorization may vary, based on the
security level. |
| Data is supported through the Token
Ids. | Data is supported through the access
tokens. |
350 Views
