Authentification can be defined as the verification of a claim of identity by a user, a process, or a device, often as a prerequisite to granting it access to resources within a system. This can be done once or many times during a particular session, workday or other period of activity consisting of multiple steps & tasks.
Authorization is the real-time decision that a system-issued identity claiming to have access rights to that system can be verified to be a (a) System-issued valid identity which is (b) being used or presented by the subject it has been issued to.
Simply put, authentication is the process of verifying who someone is, whereas authorization is the process of verifying what specific applications, files & data a user has access to.
No comments:
Post a Comment