Authentication and Authorization

Authentication and Authorization

Authentication and Authorization are two main important concepts in the world of security, mainly when it comes to accessing online services, apps, or systems. As authorization and authentication looks similar but they serve different purposes. Let's dive into authentication and authorization.



1. Authentication - "Who are you?"

Authentication is the process of verifying the identity of a user or a system.

When you log into a website or an app, you provide some form of identification like a username and password. The system then checks whether the information matches the credentials stored in its database. If it matches, you’re authenticated and allowed to proceed.

There are several methods of authentication such as;

  • Username and password: The most basic form where you enter a password to prove your identity.
  • Two-factor authentication : You use something you know (password) plus something you have (a one-time code sent to your phone) to log in.
  • Biometrics: Using your fingerprint, face, or iris scan to verify your identity.

Example:- When you log into your email, you enter your email address and password to prove that you are the owner of that account.

2. Authorization - "What are you allowed to do?"

Once you're authenticated (your identity has been confirmed), the next step is authorization. This determines what you are allowed to do within the system. It answers the question, "Now that we know who you are, what are you allowed to access?"

Authorization controls access to specific resources or actions based on your role or permissions. For instance, just because you’re logged into a company's system doesn’t mean you can access all its files or settings. Some areas or actions may be restricted to certain users.

Ways authorization is managed:

  • Roles: Users are assigned roles like admin or user with different access levels.
  • Permissions: Users have specific permissions that control what they can view, edit, or delete.

Example:- After you log into your email, you’re authorized to send and receive messages. However, you’re not authorized to access someone else’s inbox.


Key Difference between Authentication and Authorization

  • Authentication is about proving identity (who you are).
  • Authorization is about permissions (what you are allowed to do).


Authentication happens before authorization. You first need to be authenticated before the system checks what you’re authorized to do.


Why Are These Important?

Both authentication and authorization are essential for protecting data and systems. They ensure that only the right people can access certain information and that users can only perform actions that they are allowed to do.

In today’s world, where data breaches and unauthorized access are common, having strong authentication and proper authorization in place helps keep systems secure.

Conclusion

In simple terms, authentication asks, “Who are you?” while authorization asks, “What are you allowed to do?” Both are critical parts of keeping data and systems safe, especially in digital environments.


Comments

Post a Comment

Popular posts from this blog

Blocking and Non-Blocking Operations

Image
Blocking Operations In blocking operations program must wait for a task to complete before moving on to the next task. While it waits, nothing can be happened to the program because it is blocked until the current task is completed.           Real-World Example :- In banks, while we are waiting in the queue we must wait for the person                infront to complete his transaction, we cannot move forward until the person infront completes his            tasks. Non-Blocking Operations In non-blocking operations , it allows a program to engage in other tasks while waiting for the operations to finish. It doesn't block other programs from running. The program has the ability to move forward immediately without waiting for the operation to finish.          Real-World Example :- In a restaurant, while ordering the food we can chat with friends, it is not ...
Read more

Inner Class, Static Inner Class and Anonymous Inner Class

Image
 01) Inner Class In Java, inner class is a class that defined within another class. Inner classes provide better encapsulation, organization and useful when you want to logically group classes that are only used in one place. Inner classes are able to access the outer class's methods and variables, if they are even private. They often used to be readable and maintainable codes. In Java, there are several inner classes among those, the three inner classes that i chose are as below; Normal Inner Class (Non-Static Inner Class) Static Inner Class Anonymous Inner Class 1. Normal Inner Class (Non-Static Inner Class) Inner class is a class that is declared within the outer class. It can access the outer class's methods and variables, even if it is private. Example: class Outer {     private String message = "Hello from Inner Class!";     class Inner {         public void showMessage() {             System.out.println(me...
Read more

OOP Concepts in Java.

Image
 OOP ( Object Oriented Programming ) In OOP, the two main aspects are methods and classes. If we assume like this, class as fruit and the objects as types of fruits such as orange, grapes, apple etc..... This clearly gives an idea that class is a blueprint or template of an object and object is an instance of a class. class---> Fruit objects ---> Orange, Apple, Grapes etc.... In OOP, there are main 04 concepts, they are as below; Encapsulation Inheritance Abstraction Polymorphism 01 Encapsulation The meaning of Encapsulation is to make sure that sensitive data is hidden from the users, to achieve this you must; declare class variables and attributes as private provide public get and set methods to access and update the value of a private variables The Get method return the variable value and the Set method set the value Example:-  public class Person {     private String name;           public String getName() {     ...
Read more