A guide to implementing fine-grained authorization

Authentication and authorization rank among the top priorities for application developers today. While the two terms are often used interchangeably, they represent two very different things. Yet to ensure a secure and seamless experience for users, both must work in concert.

To illustrate the distinction between authentication and authorization, I often use the example of taking your family to Disneyland. Authentication is like the front gate: upon arrival, you show your ticket and ID to the gatekeeper, who checks to confirm that you are who you say you are. It is much like logging on to an application, where the authentication system checks your username and password to validate your identity.


This article has been indexed from InfoWorld Security
