Tuesday, February 8, 2011

Difference Between Authentication and Authorization

Authentication :-
The Web server containing the sales reports asks her workstation, “Who’s asking for this data?” The workstation replies, “rose.” The server then says, “Prove it.” So the workstation pops up a dialog box on Ivana’s screen asking for her username and password. She types in her name and password, and assuming that she types them correctly, the server then checks that name and password against a list of known users and passwords and finds that she is indeed Ivana.

Authorization :-
The mere fact that she has proven that she’s Ivana may not be sufficient reason for the Web server to give her access to the sales pages. The Web server then looks at another list, sometimes known as the access control list, which is a list of people and access levels: “Andro can look at this page but can’t change it,” “Suse can look at this page and can change it,” “Thomas can’t look at this page at all.” Presuming rose is on the “can look” list, the server sends the requested pages to her browser.
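The two steps above as a small Python sketch. This is an added example, not code from the original post. The passwords, the "/sales" path, the function names and the HTTP-style status codes are assumptions, and the user list stores salted PBKDF2 hashes rather than the passwords themselves.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored list never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample data: the "list of known users and passwords".
USERS = {name: _make_user(pw) for name, pw in {
    "andro": "sample-pw-1", "suse": "sample-pw-2",
    "thomas": "sample-pw-3", "rose": "sample-pw-4"}.items()}

# Access control list for one page, using the entries from the text.
ACL = {"/sales": {"andro": {"read"}, "suse": {"read", "write"},
                  "thomas": set(), "rose": {"read"}}}

# Dummy record so unknown usernames cost the same work as known ones.
_DUMMY = _make_user("unused")

def authenticate(username: str, password: str) -> bool:
    """Step 1: has the caller proven who they claim to be?"""
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), stored)
    return ok and username in USERS

def authorize(username: str, page: str, action: str) -> bool:
    """Step 2: may this proven identity do this? Anything unlisted is denied."""
    return action in ACL.get(page, {}).get(username, set())

def handle(username: str, password: str, page: str, action: str) -> int:
    if not authenticate(username, password):
        return 401  # identity not proven
    if not authorize(username, page, action):
        return 403  # identity proven, but access not granted
    return 200      # server sends the requested page
```

Thomas with his correct password gets 403, not 401: he passes authentication and fails authorization, which is the distinction the two sections draw.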

