Authentication is the process of verifying that a user is who they claim to be, and therefore whether they may access an application at all. The canonical example is the login screen. A successful login establishes the user's identity to the application; a failed login means the application cannot confirm who the user is, so they are not let in. Authentication on its own says nothing about what the user may do once inside; that is the job of authorization.
Authentication often precedes authorization, but it doesn't always have to. For example, on Seventh Octave, I made the decision not to force readers to log in to leave comments. What this means is that my readers are authorized to leave comments without being authenticated.
This behavior is the same for each article, even popular articles like my JavaScript Dashboard Gauge Set.
Authorization
Authorization determines what actions a user has the right to take within an application. Here, the canonical example is Role Management.
Take for example a Blog application. A Writer role may be able to create and update Posts, but not necessarily delete Posts. So, you wouldn't authorize the Writer role to delete Posts.
On the other hand, you may have a Moderator role. As a Moderator, you can delete Comments, but you wouldn't necessarily want a moderator to create, update or delete Posts. So, you would authorize Moderators to delete Comments, but not create, update or delete Posts.
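The blog policy above, together with the earlier point that anonymous readers are authorized to comment without logging in, can be expressed as a deny-by-default role/permission table with the two steps kept separate: authentication maps a credential to an identity, and authorization checks that identity's roles against the requested action. The following is an added example written for this page, not code from the original post or from any real blog platform; the role names, the `SESSIONS` store, the session tokens and the `handle` function are all constructed for illustration. It also shows a distinction the text does not spell out: a caller who fails the check because they are not logged in should get a different answer (401, please authenticate) than one who is logged in but lacks the role (403, forbidden).

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Role -> set of "action:resource" permissions. Deny by default: anything
# not listed here is forbidden. (Hypothetical policy for the blog example.)
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    # Unauthenticated readers may read posts and leave comments.
    "anonymous": frozenset({"read:post", "create:comment"}),
    # Writers create and update posts but are never allowed to delete them.
    "writer": frozenset({"read:post", "create:post", "update:post", "create:comment"}),
    # Moderators delete comments but do not create, update or delete posts.
    "moderator": frozenset({"read:post", "create:comment", "delete:comment"}),
}


@dataclass(frozen=True)
class Principal:
    """Outcome of authentication: who the caller is. user_id None = not logged in."""
    user_id: Optional[str]
    roles: FrozenSet[str]


ANONYMOUS = Principal(user_id=None, roles=frozenset({"anonymous"}))

# Constructed session store: token -> authenticated principal. A real
# application would back this with a session database; tokens are placeholders.
SESSIONS: Dict[str, Principal] = {
    "tok-alice": Principal("alice", frozenset({"writer"})),
    "tok-bob": Principal("bob", frozenset({"moderator"})),
}


def authenticate(token: Optional[str]) -> Principal:
    """Authentication: turn a presented credential into an identity.

    A missing or unknown token does not reject the request outright; it
    yields the anonymous principal, which may still be authorized for some
    actions (reading posts, commenting).
    """
    if token is None:
        return ANONYMOUS
    return SESSIONS.get(token, ANONYMOUS)


def is_authorized(principal: Principal, action: str, resource: str) -> bool:
    """Authorization: allowed only if some role held by the principal grants it."""
    permission = f"{action}:{resource}"
    return any(permission in ROLE_PERMISSIONS.get(role, frozenset())
               for role in principal.roles)


def handle(token: Optional[str], action: str, resource: str) -> int:
    """Simulated request handler returning an HTTP-style status code.

    200: the principal's roles grant the action.
    401: the caller is anonymous and the action needs an identity (log in).
    403: the caller is authenticated but their roles do not grant the action.
    """
    principal = authenticate(token)
    if is_authorized(principal, action, resource):
        return 200
    return 401 if principal.user_id is None else 403


if __name__ == "__main__":
    cases = [
        (None, "create", "comment"),       # anonymous comment: allowed
        (None, "delete", "post"),          # anonymous delete: must log in
        ("tok-alice", "update", "post"),   # writer edits a post: allowed
        ("tok-alice", "delete", "post"),   # writer deletes a post: forbidden
        ("tok-bob", "delete", "comment"),  # moderator deletes a comment: allowed
        ("tok-bob", "create", "post"),     # moderator writes a post: forbidden
        ("tok-forged", "update", "post"),  # unknown token: treated as anonymous
    ]
    for token, action, resource in cases:
        print(f"{str(token):>10}  {action:>6} {resource:<8} -> {handle(token, action, resource)}")
```

Two design points worth keeping: the permission table is consulted for every action, including ones the anonymous role is expected to perform, so "no login required" is an explicit grant rather than a gap in the checks; and an unknown or forged token degrades to anonymous rather than raising an error, so the same 401 path handles both "no credential" and "bad credential".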
So, basically, authentication establishes who the user is and therefore whether they get access, whereas authorization determines what actions they may take. Now you know, and knowing is half the battle.