
Authentication and Authorization

March 19, 2008

Posted by javafoo in general programming, java, javanotes, security.

I sometimes mistake one for the other. Of course, a simple search on Google or Wikipedia will clear this up, but it doesn’t seem to stick unless you understand it, assimilate it and put it in your own words. So here goes. For me, authentication means that the authenticating entity (a server, for example) needs to know that you are who you say you are (simplest mechanism: username/password). Authorization is the second stage, after authentication: OK, now I know you are ‘joeblack’ (you have been authenticated), so what are you trying to do? What roles do you have (admin, user, etc.)? Given your roles, can you do what you are trying to do? There, now I will never mix them up, hopefully.
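The two stages as separate checks with separate failure outcomes, in an added Java example that is not part of the original post. The class name, the `POLICY` table, the action names and the sample password are all constructed for illustration; it assumes Java 16 or later.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.Set;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class AuthDemo {
    enum Outcome { ALLOWED, NOT_AUTHENTICATED, NOT_AUTHORIZED }

    // Stored per user: salted password hash (never the password) plus roles.
    record Account(byte[] salt, byte[] hash, Set<String> roles) {}

    // Constructed policy: which roles may perform which action.
    static final Map<String, Set<String>> POLICY = Map.of(
        "read-report", Set.of("user", "admin"),
        "delete-user", Set.of("admin"));

    static byte[] hash(String password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                               .generateSecret(spec).getEncoded();
    }

    static Account register(String password, Set<String> roles) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Account(salt, hash(password, salt), roles);
    }

    // Stage 1, authentication: are you who you say you are?
    static boolean authenticate(Account a, String password) throws Exception {
        // MessageDigest.isEqual compares the two hashes in constant time.
        return a != null && MessageDigest.isEqual(a.hash(), hash(password, a.salt()));
    }

    // Stage 2, authorization: given your roles, may you do this? Unknown actions are denied.
    static boolean authorize(Account a, String action) {
        Set<String> allowed = POLICY.getOrDefault(action, Set.of());
        return a.roles().stream().anyMatch(allowed::contains);
    }

    static Outcome handle(Map<String, Account> users, String user,
                          String password, String action) throws Exception {
        Account a = users.get(user);
        if (!authenticate(a, password)) return Outcome.NOT_AUTHENTICATED; // HTTP 401
        return authorize(a, action) ? Outcome.ALLOWED : Outcome.NOT_AUTHORIZED; // 403
    }

    public static void main(String[] args) throws Exception {
        var users = Map.of("joeblack", register("correct horse", Set.of("user")));
        System.out.println(handle(users, "joeblack", "wrong", "delete-user"));
        System.out.println(handle(users, "joeblack", "correct horse", "delete-user"));
        System.out.println(handle(users, "joeblack", "correct horse", "read-report"));
    }
}
```

Authorization is only ever evaluated for an identity that has already passed authentication, which is why a wrong password and a missing role produce different outcomes.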


