1
– Authentication is the method by which the system identifies who the user is.
– Authorization is the method by which the system determines what the user is allowed to do.
2
– Authentication defines the identity of the user.
– Authorization decides the privileges given to the user, i.e. which sections/features the user can access.
3
– There are several types of authentication, such as key (password) based, device based, etc.
Ex. Within an organization, every employee can log in to an intranet application.
– There are several types of authorization, such as read-only, read-write, or both.
Ex. Only the account supervisor in the accounts department can access the account section.
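
The two checks from the examples above, kept as separate steps, in an added sketch that is not part of the original page. User names, passwords, the policy table and the 401/403/200 result strings are constructed for illustration; password storage uses salted PBKDF2 from the Python standard library as an assumption about how the key-based login is implemented.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value; tune for your hardware)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password, role, department):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt),
            "role": role, "department": department}

# Constructed sample directory: every employee has an intranet login.
USERS = {
    "asha": make_user("constructed-pass-1", "supervisor", "accounts"),
    "ben": make_user("constructed-pass-2", "employee", "engineering"),
}
DUMMY = make_user("unused", None, None)  # hashed against when the user is unknown

# Authorization policy: (role, department) -> section -> access level.
POLICY = {
    ("supervisor", "accounts"): {"accounts": "read-write", "intranet": "read-only"},
}
DEFAULT_ACCESS = {"intranet": "read-only"}  # what any authenticated employee gets

def authenticate(username, password):
    """Who is the user? Returns the username on a password match, else None."""
    user = USERS.get(username, DUMMY)  # unknown users still cost one hash
    candidate = hash_password(password, user["salt"])
    ok = hmac.compare_digest(candidate, user["hash"])  # constant-time compare
    return username if ok and username in USERS else None

def authorize(username, section, action):
    """What may the user do? action is 'read' or 'write'; deny by default."""
    user = USERS[username]
    grants = POLICY.get((user["role"], user["department"]), DEFAULT_ACCESS)
    level = grants.get(section)
    allowed = {"read-write": {"read", "write"}, "read-only": {"read"}}
    return action in allowed.get(level, set())

def handle_request(username, password, section, action):
    identity = authenticate(username, password)
    if identity is None:
        return "401 not authenticated"  # identity could not be established
    if not authorize(identity, section, action):
        return "403 not authorized"     # identity known, privilege missing
    return "200 ok"
```

Authorization only ever runs on an identity that authentication has already established, which is why a valid login by an ordinary employee still ends in a refusal for the account section.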