Authentication and authorization
Access to a resource is granted in two stages: first authentication, then authorization; in a nutshell, establishing who you are and then determining what you are allowed to do.
Authentication, also referred to as AuthN, is the process of establishing the identity of a person (or service) and verifying that they are who they claim to be. This is done by checking the credentials they present (for example, a password, a certificate, or a token) against a stored or otherwise known representation of that identity.
Authorization, also referred to as AuthZ, is the process of establishing what level of access the authenticated person (or service) has to the resource; that is, what they can access and what actions they may perform:
Figure 8.3 – Authentication and authorization
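The following is an added example, not code from the book, that walks through both stages in order: a credential check against a stored salted hash (AuthN), followed by a role-based, deny-by-default permission lookup (AuthZ). The user store, the role names, the resource type `storage-account`, and the status strings are all constructed for illustration; the point is that authorization is only ever evaluated for an identity that has already been established, and that the two failures are distinguishable (an unauthenticated caller is rejected before any permission is consulted).

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Constructed user store for the example. A real system would keep this in a
# directory or database; what matters is that no clear-text password is stored,
# only a per-user random salt and a PBKDF2 hash of the password.
PBKDF2_ITERATIONS = 100_000  # lowered for a quick demo; production uses more


@dataclass(frozen=True)
class Principal:
    username: str
    salt: bytes
    password_hash: bytes
    roles: FrozenSet[str]


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def create_user(username: str, password: str, roles) -> Principal:
    salt = os.urandom(16)
    return Principal(username, salt, hash_password(password, salt), frozenset(roles))


# Hypothetical users and roles, constructed for the example.
USERS = {
    "alice": create_user("alice", "correct horse battery", ["reader"]),
    "bob": create_user("bob", "staple battery horse", ["contributor"]),
}

# Salt used for unknown usernames so that a lookup miss costs the same time
# as a wrong password (avoids leaking which usernames exist via timing).
_DUMMY_SALT = os.urandom(16)

# Authorization policy: (role, resource type, action). Anything not listed
# here is denied, so the policy is deny-by-default.
PERMISSIONS = {
    ("reader", "storage-account", "read"),
    ("contributor", "storage-account", "read"),
    ("contributor", "storage-account", "write"),
}


def authenticate(username: str, password: str) -> Optional[Principal]:
    """Stage 1 (AuthN): prove the caller is who they claim to be."""
    user = USERS.get(username)
    salt = user.salt if user is not None else _DUMMY_SALT
    candidate = hash_password(password, salt)  # always computed, known user or not
    if user is None:
        return None
    # Constant-time comparison so the hash check itself leaks nothing via timing.
    if hmac.compare_digest(candidate, user.password_hash):
        return user
    return None


def authorize(principal: Optional[Principal], resource_type: str, action: str) -> bool:
    """Stage 2 (AuthZ): decide what an already-authenticated identity may do."""
    if principal is None:
        return False  # no identity, no permissions
    return any((role, resource_type, action) in PERMISSIONS for role in principal.roles)


def access(username: str, password: str, resource_type: str, action: str) -> str:
    """Run both stages in order and report which one (if any) rejected the request."""
    principal = authenticate(username, password)
    if principal is None:
        return "401 unauthenticated"
    if not authorize(principal, resource_type, action):
        return "403 forbidden"
    return "200 ok"


if __name__ == "__main__":
    for args in [
        ("alice", "correct horse battery", "storage-account", "read"),
        ("alice", "correct horse battery", "storage-account", "write"),
        ("bob", "staple battery horse", "storage-account", "write"),
        ("bob", "wrong password", "storage-account", "read"),
        ("mallory", "anything", "storage-account", "read"),
    ]:
        print(args[0], args[3], "->", access(*args))
```

Note the naming clash in HTTP: the status for a request that fails the first stage is `401 Unauthorized`, even though what it actually signals is "not authenticated"; `403 Forbidden` is the code for a caller who is authenticated but not authorized. Keeping the two outcomes distinct, as the `access` function does, is what lets logs and detections tell a password-guessing attempt apart from a legitimate user probing beyond their permissions.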
In this section, we looked at the concepts of authentication and authorization. The following section looks at SSO.