Some people might not fully understand the real meaning of Authentication and Authorization. I personally thought these were separate issues. After all, it does not seem like that.
What is Authentication?
The easiest way to explain Authentication is as a process to verify the user's identity.
Let’s say that you are one of the so-called “Secret Agent”. To enter the building itself requires you to verify your identity. If you are indeed one of the registered agents, you will be permitted entry to the building. It’s just to verify whether you are the right person or not.
// Authentication: compare the presented credentials with the registered agent's details
const name = "John Doe";
const staff_id = "SAS921";
if (name === "John Doe" && staff_id === "SAS921") {
  console.log("Your entry granted");
} else {
  console.log("Your entry denied");
}
What is Authorization?
Let’s return to the previous scenario. Authorization is where you are categorized. For example, you are indeed a verified Secret Agent. But you are not the “Operation Director”. Only the director has the authorization to launch a full-scale attack using the drones.
So if you are only a normal agent, you can’t access the command centre.
In a real-life system, let’s say that you are managing an e-commerce system. A normal worker can only add, edit or delete an item from your store. But when a user with a different authority logs in (let’s say Finance), they can’t add, edit or delete any item. BUT they can review all payment statements.
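The two steps described above, kept separate in code, as an added example that is not part of the original post. The staff directory, role names and actions are constructed for illustration; the point is that authenticate() only answers "who is this?" and authorize() only answers "may they do this?".

```python
import hmac
from typing import Optional, Tuple

# Constructed sample directory: staff_id -> (registered name, role). Not real data.
REGISTERED_STAFF = {
    "SAS921": ("John Doe", "worker"),
    "SAS922": ("Jane Roe", "finance"),
}

# Authorization policy: the actions each role is allowed to perform.
# A worker manages items; Finance may only review payment statements.
ROLE_PERMISSIONS = {
    "worker": {"add_item", "edit_item", "delete_item"},
    "finance": {"review_payments"},
}

Principal = Tuple[str, str, str]  # (staff_id, name, role)

def authenticate(name: str, staff_id: str) -> Optional[Principal]:
    """Authentication: verify the claimed identity against the directory.
    Returns the principal on success, None otherwise; says nothing about rights."""
    entry = REGISTERED_STAFF.get(staff_id)
    if entry is None:
        return None
    registered_name, role = entry
    # Constant-time comparison so the check does not leak how much of the name matched.
    if not hmac.compare_digest(registered_name.encode(), name.encode()):
        return None
    return (staff_id, registered_name, role)

def authorize(principal: Optional[Principal], action: str) -> bool:
    """Authorization: decide whether an already-authenticated principal may do `action`.
    An unauthenticated caller (None) is never authorized; an unknown role gets nothing."""
    if principal is None:
        return False
    _, _, role = principal
    return action in ROLE_PERMISSIONS.get(role, set())

def attempt(name: str, staff_id: str, action: str) -> str:
    """Run both checks in order: identity first, then permission."""
    who = authenticate(name, staff_id)
    if who is None:
        return "Your entry denied"  # authentication failed
    if not authorize(who, action):
        return f"{who[1]} is not authorized to {action}"
    return f"{who[1]} may {action}"

if __name__ == "__main__":
    print(attempt("John Doe", "SAS921", "edit_item"))        # authenticated and authorized
    print(attempt("John Doe", "SAS921", "review_payments"))  # authenticated, not authorized
    print(attempt("Nobody", "SAS921", "edit_item"))          # authentication fails first
```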
I hope that more people will understand the meaning of Authentication and Authorization.