Authentication versus authorization
Before we dive into how authentication evolved over the past few decades and the different protocols, there is one basic topic that needs to be covered: the difference between authentication and authorization.
Both terms are often used in combination with security, especially when it comes to gaining access to a system. Although they are both heavily related, they are very different. There is a huge difference between gaining successful entry to an application (authentication) and what you are allowed to do once you are inside (authorization).
In the next few sections, we are going to cover both terms in more detail.
Authentication
Authentication means confirming your identity. It is the process of proving that you are who you say you are (this is sometimes shortened to AuthN). To verify the identity of the user, the system obtains some credentials to verify the user. If the credentials that are provided by the user (or system or application...
