Authentication and Authorization
Web/Security, 2019. 8. 27. 21:55
1. Overview
Authentication is the process of ascertaining that somebody really is who they claim to be. Authorization refers to the rules that determine who is allowed to do what. For example, Adam may be authorized to create and delete databases, while Usama is only authorized to read them.
1.1 Authentication
- Login + password
- Who you are
1.2 Authorization
- Permissions
- What you are allowed to do
2. Description
2.1 Authentication
Authentication is the validation of credentials such as UserName/UserId and Password to verify your identity. The system uses your credentials to determine whether you are who you say you are.
Depending on the security level, the authentication factor can be one of the following:
- Single-Factor Authentication
  - Commonly relies on a simple password to grant a user access to a particular system such as a website or a network.
  - A common example is login credentials that require only a password against a username.
- Two-Factor Authentication
  - Uses a two-step verification process that requires not only a username and password but also some confidential information only the user knows, such as an ATM PIN, to ensure an additional level of security.
- Multifactor Authentication
  - Uses multiple levels of security from independent categories of authentication to grant a user access to the system.
  - Financial organizations, banks, and law enforcement agencies use multiple-factor authentication to safeguard their data.
- HTTP Authentication Schemes
  - Basic access authentication
  - Digest access authentication
2.2 Authorization
Authorization occurs after the system has successfully authenticated your identity, and it ultimately gives you full permission to access resources such as information, files, databases, funds, locations, almost anything. It is the process of determining whether the authenticated user has access to particular resources.
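The two steps in order, as an added example that is not code from the original post: credentials are verified first, and the permission check runs only for an authenticated identity. The users Adam and Usama come from the overview; the passwords, permission strings, function names and PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your hardware

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash from the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _make_user(password, permissions):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt),
            "perms": frozenset(permissions)}

# Constructed sample accounts; passwords are placeholders.
USERS = {
    "adam": _make_user("adam-sample-pw", {"db:read", "db:create", "db:delete"}),
    "usama": _make_user("usama-sample-pw", {"db:read"}),
}
_DUMMY = _make_user("unused", ())  # hashed against when the username is unknown

def authenticate(username, password):
    """Who are you? Return the username if the credentials match, else None."""
    user = USERS.get(username, _DUMMY)  # same work for known and unknown names
    ok = hmac.compare_digest(_hash(password, user["salt"]), user["hash"])
    return username if ok and username in USERS else None

def authorize(identity, permission):
    """What may you do? Call only with an identity returned by authenticate()."""
    return permission in USERS[identity]["perms"]

def handle(username, password, permission):
    """HTTP-style result: 401 not authenticated, 403 not authorized, 200 allowed."""
    identity = authenticate(username, password)
    if identity is None:
        return 401  # identity not proven; permissions are never consulted
    if not authorize(identity, permission):
        return 403  # identity proven, but the action is not permitted
    return 200

if __name__ == "__main__":
    print(handle("adam", "adam-sample-pw", "db:delete"))
    print(handle("usama", "usama-sample-pw", "db:delete"))
    print(handle("usama", "wrong-pw", "db:read"))
```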