Authentication vs. Authorization Cheat Sheet

  • Authentication
    • prove that you are you, or, prove that you are who you claim to be
    • it’s about identity
  • Authorization
    • prove that you have permission to do something, or, check whether you have access to something
    • it’s about access

In real life those two things are usually separated. When you have your driver’s license or fingerprint you can prove who you are, but your job title will determine what you can do.

The same happens for software design. A user may act as an employee, then later promoted to a manager and acquire additional access. In this case the identity of the user remains the same, but its access may change.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s