Authentication vs. Authorization authentication and authorization

Authentication vs. Authorization authentication and authorization (transfer)

Authentication vs. Authorization verification and authorization it is important to clarify the difference AuthenticationAnd Authorization, And how these terms are used within this paper. The differences are fairly obvious, but understanding the implications of each is important.

First, we must distinguish the differences between authentication and authorization so that we can better understand what they represent in this document (passport guide. As the name suggests, they seem to have obvious differences, but for us, it is important to understand the associations between them.

P.s.: literally, the Chinese differences between the two are clear, but these two words are very confusing in English.

AU · then · Ti · Ca · tion[Aw thè nt káysh 'n'] n:
The verification of credentials presented by an individual or process in order to determine identity.

Verification: when we want to identify an individual or a process (request), we usually need to identify the identity information they provide. This authentication process is called verification.

AU · Thor · I · za · tion[À wthr záysh 'n'] n:
To grant an individual permission to do something or be somewhere.

Authorization: The system grants an individual the right to engage in certain actions within a certain range. This process is called authorization.

AuthenticationIs the process of recognizingWhoAn individual is by verifying credentials.AuthorizationIs the act of deciding what that individual has access. when someone asks for your driver's license, for example, it is a form of authentication. your driver's license provides a way for you to identify yourself to others in order to assist in your transactions.

Authentication is the process of determining an individual by checking the identity information. Verification determines the behavior of an individual's behavior norms. Simply put, verification is to determine who you are? Authorization is what you are allowed to do. For example, sometimes you need to show your driver's license to describe your identity. This is a form of verification. In many cases, your driver's license is used to prove your identity so that you can pass verification and obtain various authorizations.

Your driver's license alone does not determine whether you can legally engage in any age Restricted Activities (voting, for example ). it only verifies the relevant credentials, such as date of birth, so that permission can be given for an activity.

However, your driver's license does not allow you to pass verification similar to those requiring age restrictions (such as voting ). These verifications require you to present proof of identity related to them, such as your date of birth, so that you can obtain the appropriate permission (authorization)

P.s.: I think this text shows that even if a user chooses different functions, the authentication information he needs is different. For example, currently, most web sites require password and financepassword (second-level financial password). One is used for user login identity verification, and the other is used for user financial operation verification.

It is possible to authenticate someone without any authorization, but it is difficult to imagine authorizing someone for some purpose without also requiring that they go through some form of authentication.

You may not give any authorization after verifying a user, but we do not advocate giving some form of authorization to some users without any form of authentication.

P.s.

Passport is focused on authentication. this is important, as it means that you remain in control of authorizing your own services. one of the benefits of passport is that It offloads the need for you to run an authentication system, resetting passwords and other related tasks, while still leaving you control over who can use your site.

Passport is just a universal verification platform. It is important to clarify this. Each passport relying party must authorize the verified account according to its own business needs. To help you build and maintain a user verification system, you no longer have to remember multiple accounts/passwords for multiple websites. Passport certification wants to do so .... Just so

Any computer system should have a permission module to split permissions into verification and authorization. This is indeed a clear solution. Of course passport has done it. Thanks to Microsoft's documentation, this is indeed helpful to me. For the talented children of Microsoft ...... All developers work together to kill Microsoft!

 

The differences between identity authentication and authorization are recorded in Microsoft documents. Identity Authentication is used to verify creden during connection attempts. the login process includes the authentication protocol used by the network access client to pass authentication, in plain text or encrypted mode, creden are sent to the server. Authorization determines whether to accept or reject a connection based on the account creden, and remote access policies after authentication, authorization can be performed only after successful login attempts. If logon fails, user access is denied.
Below is my understanding:

When you go abroad, you must have two things. In passport and visa, a passport wants identity verification. He can only prove your identity, but cannot do anything else. In visa, he wants to authorize the passport. The visa indicates what you can do in this country, this is the same as authorization.