Sunday, October 3, 2010

Authentication vs. Authorization

Authentication is a mechanism by which a system can accurately and securely identify its user and verify that the user is really the person he or she claims to be.


Authorization, on the other hand, is a mechanism by which a system determines the level of access that particular users are allowed to specific resources under its control.

"Authorization systems provide answers to the questions:

  • Is user X authorized to access resource R?
  • Is user X authorized to perform operation P?
  • Is user X authorized to perform operation P on resource R?"

source: http://www.duke.edu/~rob/kerberos/authvauth.html