Authentication vs Authorization
Authentication – Verifies who you are.
For example, when you log in to a software application, the authentication piece answers questions like:
- Who is the user John Doe?
- Is this user actually who they say they are?
The software application depends on a unique piece of information that is known only to the user. A password, a public key, or even Kerberos can be used. Whatever it is, the user needs some sort of secret to log in. The application challenges the user to provide this information and, during authentication, verifies that it was presented correctly. If so, the user is considered to be authenticated.
Authorization – Verifies what you are authorized to do.
For example, authentication allows you to log in to a software application, but you are only authorized to perform or view certain functions within that application. This could be something along the lines of administrative authorization, where only users with that authorization can complete specified tasks.
Within the application development process, both authentication and authorization can be built in and integrated with an organization’s existing systems, such as LDAP and Active Directory. In simple terms, this means that the same username and password a user logs into their computer with can also be used to perform secure authentication and authorization. This allows for one central point of administration.
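The two checks as separate steps, in an added example that is not from the original page. The in-memory DIRECTORY stands in for LDAP or Active Directory, and the user names, passwords, group names and action names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash (PBKDF2-HMAC-SHA256) so stored values are not reversible.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _make_user(password, groups):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "groups": set(groups)}

# Constructed stand-in for the central directory (LDAP / Active Directory).
DIRECTORY = {
    "jdoe": _make_user("correct horse battery staple", ["staff"]),
    "asmith": _make_user("tr0ub4dor&3", ["staff", "app-admins"]),
}

# Hypothetical mapping of application actions to the security group they require.
REQUIRED_GROUP = {"view_reports": "staff", "delete_user": "app-admins"}

# Dummy record so unknown user names cost the same hashing time as known ones.
_DUMMY = _make_user("dummy", [])

def authenticate(username, password):
    """Who are you? Return the username if the secret verifies, else None."""
    record = DIRECTORY.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    return username if ok and username in DIRECTORY else None

def authorize(username, action):
    """What may you do? Unknown actions are denied by default."""
    required = REQUIRED_GROUP.get(action)
    return required is not None and required in DIRECTORY[username]["groups"]

def handle_request(username, password, action):
    user = authenticate(username, password)
    if user is None:
        return 401  # identity not proven: authentication failed
    if not authorize(user, action):
        return 403  # identity proven, but not permitted: authorization failed
    return 200

if __name__ == "__main__":
    print(handle_request("jdoe", "correct horse battery staple", "delete_user"))
```

A correct password for jdoe still yields 403 on delete_user: the login succeeds, but the account is not in the group the action requires.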
Applied Engineering, Inc. has expertise in building and designing software integration pieces that will utilize your organization’s existing security groups and perform both authentication and authorization.
Contact us for more information on figuring out what software works best for you.