AuthN & AuthZ

AuthN and AuthZ are very commonly used terms, but they are confusing to a novice computer user. So let me try to explain them with an example.

AuthN – Authentication is establishing your identity.

AuthZ – Authorization is establishing your privilege.

Authentication is the process of verifying who you are and making sure you are who you say you are. When you log on to a PC with a user name and password you are authenticating. Authorization is the process of verifying that you have access to something. Gaining access to a resource (e.g. directory on a hard disk) because the permissions configured on it allow you access is authorization.

Authentication begins when a user tries to access information. First, the user must prove his identity. A password is the most basic method of authenticating someone. When logging into a computer, users commonly enter usernames and passwords for authentication purposes. This login combination, which must be assigned to each user, authenticates the user. However, this type of authentication can be circumvented by hackers, for example by guessing or stealing the password.

A stronger form of authentication, biometrics, depends on the user’s physical presence and biological makeup, such as the retina, face, or fingerprints. This technology makes it more difficult for hackers to break into computer systems.

The Public Key Infrastructure (PKI) authentication method uses digital certificates to prove a user’s identity. There are other authentication tools, too, such as key cards and USB tokens. One of the greatest authentication threats occurs with email, where authenticity is often difficult to verify. For example, unsecured emails often appear legitimate.

Authorization is the process of determining whether the user who has logged in has the authority to access a specific resource as requested.
In other words, authorization is the process of specifying access rights to a subject over a set of objects. Most computer security systems are based on a two-step process. The first stage is authentication, which ensures that a user is who he or she claims to be. The second stage is authorization, which allows the user access to various resources based on the user’s identity.

Authorization must always follow authentication, as it isn’t possible to authorize someone without first having authenticated them. Let us consider the example of a passenger boarding a plane.

When the passenger approaches the check-in counter at the airport, they present their identification and ticket. This part of the process is authentication.
Based on the credentials provided by the passenger, the check-in officer authenticates the passenger and issues a boarding pass for the specific flight. The passenger then clears the security check and presents the boarding pass at the boarding gate. The officer at the boarding gate checks the boarding pass and verifies whether the passenger is allowed to board that particular flight. This is the process of authorization.
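The two-step process described above (and the airport analogy) can be modelled in a few lines of code. The following is an added example, not code from the original post: `authenticate()` plays the role of the check-in counter (verify the password, hand out a session token that acts as the boarding pass), and `authorize()` plays the role of the boarding gate (verify the token, then check whether that identity is allowed to access the requested resource). The user store, the access control list and the passwords are constructed sample data; the password hashing and session scheme are my own choices for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed helper: derive a PBKDF2-SHA256 hash so plaintext passwords are never stored.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

# Constructed user store: username -> (salt, hashed password). Sample data only.
_SALT_ALICE = b"\x01" * 16
_SALT_BOB = b"\x02" * 16
USERS = {
    "alice": (_SALT_ALICE, _hash_password("correct horse", _SALT_ALICE)),
    "bob": (_SALT_BOB, _hash_password("battery staple", _SALT_BOB)),
}

# Constructed access control list: resource -> usernames allowed to read it.
ACL = {
    "/reports/finance": {"alice"},
    "/reports/public": {"alice", "bob"},
}

# Active sessions: token -> username. The token is the "boarding pass" issued after AuthN.
SESSIONS = {}


def authenticate(username: str, password: str):
    """AuthN (check-in counter): verify the claimed identity.

    Returns a session token on success, or None if the credentials are wrong.
    """
    record = USERS.get(username)
    if record is None:
        # Hash anyway so the time taken does not reveal whether the username exists.
        _hash_password(password, b"\x00" * 16)
        return None
    salt, stored_hash = record
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(_hash_password(password, salt), stored_hash):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def authorize(token: str, resource: str) -> bool:
    """AuthZ (boarding gate): decide whether an authenticated session may use a resource.

    A token that was never issued means there is no authenticated identity,
    so there is nothing to authorize and access is denied.
    """
    username = SESSIONS.get(token)
    if username is None:
        return False
    return username in ACL.get(resource, set())


if __name__ == "__main__":
    pass_alice = authenticate("alice", "correct horse")
    pass_bob = authenticate("bob", "battery staple")
    print("alice -> finance:", authorize(pass_alice, "/reports/finance"))  # True
    print("bob   -> finance:", authorize(pass_bob, "/reports/finance"))    # False
    print("bob   -> public: ", authorize(pass_bob, "/reports/public"))     # True
    print("forged -> public:", authorize("not-a-real-token", "/reports/public"))  # False
```

Note the order the two functions must be called in: `authorize()` can only say yes or no about an identity it already trusts, which is exactly why authorization always follows authentication. Bob authenticates successfully but is still refused the finance report, just as a valid boarding pass for one flight does not get a passenger onto another.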