Author: Pratik Bhatt
Audience: All who are interestedd in IT
Bias Information: None for this post
================================================================================================================
Hello readers! Hope you all are doing well.
You may be thinking that why I have started with a very basic subject of authentication and authorization where there is already best explanation already available by okta https://www.okta.com/identity-101/authentication-vs-authorization/
Well, I have reasons for that,what I want is to explain and share what I learnt in IAM and also want to explain with Real-world example so its easy to remember.
Also, As Dr Jordan Peterson said,“If you want to learn how to think, you should learn how to write”
And I have observed many times that writing something clears my mind about that subject
Well, that was lot of stuffs outside of topic, lets dive-in (or fly-on 😊) to the subject.
Authentication
Authentication is a process where-in you should be able to prove who you are.
Complex a bit? Let’s me give you example
Assume that you want to travel to Corsica, so you board a flight from India as an Indian Citizen So, you go to Airport at time, when you try to check-in with luggage at Airport, first thing they will ask is Passport + Valid Ticket,
You will have to show your passport and a ticket. Airline Staff will see it, validates it and you will be allowed to enter further to your required Gate# from where you can board the flight,
That’s it, it’s called Authentication, you proved your identity by providing passport and ticket, they validated it.
Authorization
Authorization is a process where-in access to certain resource(s) are given to requestor and requestor often (not necessary always) asked to get validated before getting resource
Too much blah blah ? Let’s continue with above example.
So based on Authentication, you got-in to Airport, sitting in common lounge, in-order to board flight you will have to pass immigration check, based on that only you will be granted access to Airplane sit.
That’s it, it’s called Authorization, Here you get access to certain resource based on validation.
Let me know via email – bhattpratik@live.com or via LinkedIn, if these were the easy examples or I made it more ambiguous