Authentication vs Authorization

Authentication

• Process of establishing the identity of a person or service looking to access a resource.

• It involves the act of challenging a party for legitimate credentials and provides the basis for creating a security principal for identity and access control use.

• It establishes if they are who they say they are.

Authorization

• Process of establishing what level of access an authenticated person or service has.

• It specifies what data they're allowed to access and what they can do with it.