On Mon, 29 Apr 2002 15:35:24 CDT, Tina Bird said:
> I've certainly had a lot of students get confused about
> the whole issue, and use "authentification" to combine
> both assigning an identifier to a person, and validating
> that a person has the right to use a particular identifier.

Identifying a specific entity as being itself and not an impostor is "authentication". Deciding whether said entity is allowed to perform a requested action is "authorization".

The two are quite distinct, even though many people confuse the two. I came up with the following example of the vast difference:

Authentication: "OK.. you have a picture ID that says you're Jeffrey Dahmer(*)".

Authorization: "Can I lend you a steak knife, Mr Dahmer?".

Grisly, but 100% effective in explaining the distinction. (Yes, you can use it, as long as you attribute it. ;)

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech

(*) For the non-US list members - Jeffrey Dahmer was a rather nasty serial killer and cannibal....

This archive was generated by hypermail 2b30 : Mon Apr 29 2002 - 18:56:44 PDT