As modern IT continues to develop, identity is everywhere. It is the entry point through which users reach every service, and the ability to manage identities is key to an enterprise's success. Authentication and authorization are two indispensable parts of identity management. When developing or managing an application, we often see these two terms, and in English they even look alike. Although they are often used in the same context, they are conceptually very different. Authentication means confirming the identity of a user, while authorization means granting access to the system. Simply put, authentication is the process of verifying a user's identity, while authorization is the process of verifying that the user has access.

What is authentication

Authentication is about validating your credentials, such as a username or email address and a password, to verify the identity of the visitor. On public and private networks, the system usually authenticates a user by user name and password. Authentication is not limited to passwords; it can also rely on other factors such as a mobile phone verification code or biometric characteristics. Application systems that need higher security often require several authentication factors together, which is referred to as multi-factor authentication.

Common authentication modes are as follows:

  • User name and password authentication

  • Mobile phone and SMS verification code authentication

  • Email and email verification code authentication

  • Biometric authentication (face recognition/fingerprint recognition)

  • OTP authentication

  • RADIUS network authentication

What is authorization

Authorization is the process of determining whether an authenticated user can access a particular resource. It verifies that you have the right to access information, databases, files and other resources. Authorization occurs after the system has authenticated you. Simply put, authorization determines whether you can access the system and to what extent. For example, in an organization, validating and confirming an email address and password is authentication, whereas determining which employees have access to which floors is authorization. Suppose you are traveling and about to board a plane. When you present your ticket and identification before boarding, you receive a boarding pass, which certifies that your identity has been verified by the airport authority. When your boarding pass is checked and the flight attendant guides you to the flight you are supposed to take and allows you onto the plane to view and use the relevant resources, you have been authorized.
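The following added example, which is not from the original article or from Authing, separates the two steps using the floor-access scenario above. The user records, passwords, floor numbers, iteration count and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed sample value for PBKDF2


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_user(password: str, floors) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "floors": set(floors)}


# Constructed sample directory: credentials plus the floors each employee may enter.
USERS = {
    "alice@example.com": _make_user("correct horse", {1, 2, 3}),
    "bob@example.com": _make_user("battery staple", {1}),
}
_DUMMY = _make_user("unused", set())  # hashed against when the account is unknown


def authenticate(email: str, password: str):
    """Authentication: is this visitor who they claim to be? Returns identity or None."""
    record = USERS.get(email, _DUMMY)  # same work for unknown accounts
    matches = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    return email if matches and email in USERS else None


def authorize(identity, floor: int) -> bool:
    """Authorization: may this already-verified identity use this resource?"""
    record = USERS.get(identity)
    return record is not None and floor in record["floors"]


def enter_floor(email: str, password: str, floor: int) -> int:
    """Returns an HTTP-style status: 401 = not authenticated, 403 = not authorized."""
    identity = authenticate(email, password)
    if identity is None:
        return 401
    if not authorize(identity, floor):
        return 403
    return 200
```

Bob with the right password still gets 403 on floor 3: his identity is verified, but the access decision is made separately and fails.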

Comparison between authentication and authorization

Enterprise data security is also one of the goals of Authing's enterprise service. Through the technical discussion of authentication and authorization in this article, Authing hopes to give our developer friends some food for thought. Recently, some CTOs left us comments asking about Okta's recent acquisition of Auth0 and which Auth0 technologies Okta is interested in. To help everyone better understand the dynamics of the identity cloud and the value of Auth0, we have invited CMO Xu Ziqiang, a member of Authing's founding team, to analyze the reasons for Okta's acquisition of Auth0 at 20:00 next Tuesday, March 16. He will describe the technical architecture of the identity cloud field and how enterprises can embrace the identity cloud to reduce costs and double productivity. Developers are welcome to add the Authing assistant (WeChat ID: Authing2021) to join the group and listen in.