February 03, 2020

Spring Security-Part 1 : Authentication v/s Authorization

What is the difference between Authentication and Authorization?
Authentication and authorization are often used together, especially when a user gains access to a system, but they answer different questions. Authentication means confirming an identity, while authorization means deciding what an already-authenticated identity is allowed to do. In short, authentication is the process of verifying who you are, while authorization is the process of verifying what you have access to.

Authentication
  • During authentication the system validates the credentials presented, such as a user name or user ID together with a password.
  • Authentication factors are the categories of evidence a system uses to verify a person’s identity before granting access to anything, from opening a file to requesting a bank transaction.
  • A user’s identity can be established by something the user knows (a password or PIN), something the user has (a phone, hardware token or smart card), or something the user is (a fingerprint or face). Verifying factors from two or all three of these categories gives much stronger assurance than any single factor on its own.
  • Single-Factor Authentication: relies on one factor, most commonly just a password, to grant a user access to a system such as a website or a network. A password alone is exposed to phishing, guessing and reuse across sites.
  • Two-Factor Authentication: requires two factors from different categories, typically a username and password (something you know) plus a one-time code from an authenticator app or hardware token (something you have). Note that an ATM PIN or a security question is also something you know, so adding one of those to a password does not make a true second factor.
  • Multi-Factor Authentication: generalises this to two or more factors from independent categories; two-factor authentication is its most common form. The factors must be independent so that compromising one of them, for example a phished password, does not also compromise the others.
Authorization
  • Authorization occurs after the identity has been successfully authenticated, and determines which permissions that identity holds over resources such as information, files, databases, funds or locations. Authentication on its own grants no permissions.
  • Authorization is the process of determining whether the authenticated user may access a particular resource or perform a particular action.
  • It checks your rights before granting access to resources such as information, databases, files, etc. Authorization normally follows authentication and confirms which operations you are privileged to perform.
Difference
  • Authentication confirms your identity in order to grant access to the system. Authorization determines whether you are allowed to access a given resource within it.
  • Authentication is the process of validating user credentials. Authorization is the process of checking whether a requested access is allowed or not.
  • Authentication determines whether a user is who he claims to be. Authorization determines what that user can and cannot access.
  • Authentication usually requires a username and a password, and additional factors as the required security level rises. Authorization asks the user for no credentials at all; it relies on the roles or permissions associated with the already-authenticated identity.
  • Authorization is done only after successful authentication, so a failed login never reaches the authorization step.
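As an added example (not from the original post, and not Spring Security's own code), the following Python sketch runs the two steps described above one after the other. `authenticate()` checks a password (something you know) and an RFC 6238 TOTP code (something you have) and returns a principal; `authorize()` then checks that principal's roles against path rules, in the spirit of Spring Security's `antMatchers(...).hasRole(...)` configuration. The users, secrets and rules are constructed for the demo. The status codes mirror how an HTTP application reports the two failure modes: 401 when identity could not be established, 403 when it was established but the action is not permitted.

```python
import hashlib
import hmac
import os
import struct
import time

# Assumption: every user, secret and rule below is constructed for this demo.
PBKDF2_ROUNDS = 100_000


def make_password_record(password, salt=None):
    """Store a salted PBKDF2-HMAC-SHA256 hash, never the clear-text password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


# Constructed user store. The TOTP secret is what would be provisioned to the
# user's authenticator app (something the user HAS).
USERS = {
    "alice": {"pw": make_password_record("correct horse battery staple"),
              "totp_secret": b"constructed-demo-secret-alice", "roles": {"USER", "ADMIN"}},
    "bob": {"pw": make_password_record("hunter2"),
            "totp_secret": b"constructed-demo-secret-bob", "roles": {"USER"}},
}
# Used for unknown usernames so the login path costs the same time either way.
DUMMY_RECORD = make_password_record("dummy")


class AuthenticationError(Exception):
    """Who the caller is could not be established (HTTP 401)."""


class AccessDenied(Exception):
    """The caller is known, but may not do this (HTTP 403)."""


def totp(secret, at, step=30, digits=6):
    """RFC 6238 time-based one-time password (HMAC-SHA1, 30 s step, 6 digits)."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def authenticate(username, password, otp_code, now=None):
    """Two-factor authentication: something you KNOW plus something you HAVE.
    Returns a principal (name and roles) or raises AuthenticationError."""
    now = int(time.time()) if now is None else now
    user = USERS.get(username)
    record = user["pw"] if user else DUMMY_RECORD
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    password_ok = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    if user is None or not password_ok:
        raise AuthenticationError("bad username or password")
    # Accept the current and the previous 30 s window to tolerate clock drift.
    otp_ok = any(hmac.compare_digest(totp(user["totp_secret"], now - drift).encode(),
                                     otp_code.encode()) for drift in (0, 30))
    if not otp_ok:
        raise AuthenticationError("bad one-time code")
    return {"name": username, "roles": set(user["roles"])}


# Constructed access rules: (path prefix, roles allowed); None means public.
# First matching rule wins; anything unmatched is denied by default.
POLICY = [
    ("/admin/", {"ADMIN"}),
    ("/account/", {"USER", "ADMIN"}),
    ("/public/", None),
]


def authorize(principal, path):
    """Decide whether an (optionally authenticated) principal may reach path."""
    for prefix, allowed in POLICY:
        if path.startswith(prefix):
            if allowed is None:
                return True
            if principal is None:
                raise AuthenticationError("login required")
            if principal["roles"] & allowed:
                return True
            raise AccessDenied("%s lacks %s for %s" % (principal["name"], sorted(allowed), path))
    if principal is None:
        raise AuthenticationError("login required")
    raise AccessDenied("no rule for %s; denied by default" % path)


def handle_request(path, username=None, password=None, otp_code=None, now=None):
    """HTTP-style outcome: 200 allowed, 401 not authenticated, 403 not permitted."""
    try:
        principal = None
        if username is not None:
            principal = authenticate(username, password or "", otp_code or "", now)
        authorize(principal, path)
        return 200
    except AuthenticationError:
        return 401
    except AccessDenied:
        return 403


if __name__ == "__main__":
    code = totp(USERS["bob"]["totp_secret"], int(time.time()))
    print(handle_request("/account/me", "bob", "hunter2", code))  # 200: authenticated and permitted
    print(handle_request("/admin/users", "bob", "hunter2", code))  # 403: authenticated, lacks ADMIN
    print(handle_request("/admin/users"))  # 401: nobody authenticated
```

Note the two distinct outcomes for the same `/admin/users` path: Bob with valid credentials is authenticated but gets 403 because authorization fails on his roles, whereas an anonymous caller gets 401 because authentication never happened. Treating both as a generic "access denied" hides which of the two controls actually rejected the request.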
-K Himaanshu Shuklaa
