Authentication vs. Authorization
From http://www.oit.duke.edu/~rob/kerberos/authvauth.html
Authentication and authorization are often confused with each other. On many host-based systems (and even on some client/server systems) the two mechanisms are performed by the same physical hardware and, in some cases, by the same software.
It is nevertheless important to draw a clear distinction between the two mechanisms, since they can be (and arguably should be) performed by separate systems.
Authentication is the mechanism by which a system can securely identify its users.
An authentication system answers the following questions:
- Who is the user?
- Is the user really who he or she claims to be?
An authentication system may be as simple as a plaintext password system (as found in some older PC-based FTP servers) or as complex as the Kerberos system described in other documents. In any case, the authentication system depends on some piece of information that is unique and known (or available) only to the individual being authenticated and to the authentication system: a shared secret. That information may be a classical password, some physical attribute of the individual (a fingerprint, a retinal vascular pattern, etc.), or some derived data (as in the case of so-called smartcard systems). To verify a user's identity, the authentication system typically challenges the user to present his or her unique information (password, fingerprint, etc.). If the authentication system can verify that the shared secret was presented correctly, the user is considered authenticated.
By contrast, authorization is the mechanism by which a system determines what level of access a particular authenticated user should have to the resources the system protects. For example, a database management system might be designed so that certain designated individuals can retrieve data from the database but cannot modify it, while other individuals are given the ability to change data. An authorization system answers the following questions:
- Is user X authorized to access resource R?
- Is user X authorized to perform operation P?
- Is user X authorized to perform operation P on resource R?
Authentication and authorization are tightly coupled mechanisms: an authorization system depends on a secure authentication system to ensure that users are who they claim to be, and thereby to prevent unauthorized users from gaining access to protected resources.
Figure 1 (image not reproduced here) depicts the interaction between an arbitrary authentication system and authorization system in a typical client/server application.
A user working on the client system interacts with the authentication system to prove his or her identity, and then communicates with the server system. The server system in turn interacts with the authorization system to determine what permissions the authenticated client user should be granted.
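As an added illustration (not part of the original page), the following Python sketch keeps the two mechanisms as separate functions: authenticate() verifies a shared secret (a salted, hashed password here) and returns a verified identity, while authorize() answers the page's third question against an access-control list, and request() runs the server-side flow from the figure in that order. The user database, secrets and ACL are constructed for the example.

```python
import hashlib
import hmac
import secrets


def _hash_secret(secret: str, salt: bytes) -> bytes:
    """Derive a verifier from the shared secret so the secret itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)


# Constructed user database: username -> (salt, hashed shared secret).
_SALT_ALICE, _SALT_BOB = secrets.token_bytes(16), secrets.token_bytes(16)
USERS = {
    "alice": (_SALT_ALICE, _hash_secret("correct horse", _SALT_ALICE)),
    "bob": (_SALT_BOB, _hash_secret("bob-pass", _SALT_BOB)),
}

# Constructed access-control list: (principal, resource) -> allowed operations.
ACL = {
    ("alice", "customers_db"): {"read"},
    ("bob", "customers_db"): {"read", "write"},
}


def authenticate(username: str, secret: str):
    """Authentication: who is the user, and is it really them? Returns the verified identity or None."""
    entry = USERS.get(username)
    if entry is None:
        _hash_secret(secret, b"\x00" * 16)  # do the same work so timing does not reveal unknown users
        return None
    salt, stored = entry
    # Constant-time comparison so the check does not leak how many bytes matched.
    return username if hmac.compare_digest(_hash_secret(secret, salt), stored) else None


def authorize(principal: str, resource: str, operation: str) -> bool:
    """Authorization: is user X authorized to perform operation P on resource R?"""
    return operation in ACL.get((principal, resource), set())


def request(username: str, secret: str, resource: str, operation: str) -> str:
    """Server-side flow: authenticate first, then authorize only the verified identity."""
    principal = authenticate(username, secret)
    if principal is None:
        return "denied: authentication failed"
    if not authorize(principal, resource, operation):
        return f"denied: {principal} not authorized to {operation} {resource}"
    return f"ok: {principal} may {operation} {resource}"
```

Note that authorize() is only ever called with the identity returned by authenticate(), never with the username the client claimed, which is the coupling the text describes.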