Authentication vs. Authorization

In many host-based systems, the two mechanisms are performed by the same physical hardware and, in some cases, the same software.

++ Authentication is the mechanism whereby systems may securely identify their users. Authentication systems provide answers to the questions: Who is the user? Is the user really who he/she represents himself to be?

- In all cases, however, authentication systems depend on some unique bit of information known (or available) only to the individual being authenticated and the authentication system — a shared secret. Such information may be a classical password, some physical property of the individual (fingerprint, retinal vascularization pattern, etc.), or some derived data (as in the case of so-called smartcard systems).

++ Authorization, by contrast, is the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system.
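An added example, not from the source page: the two mechanisms kept as separate steps, so that a user who proves knowledge of the shared secret can still be refused a resource. The user names, passwords, resource name and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _derive(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the shared secret, never the secret itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(store: dict, user: str, password: str) -> None:
    salt = os.urandom(16)
    store[user] = (salt, _derive(password, salt))

def authenticate(store: dict, user: str, password: str):
    """Authentication: who is the user? Returns the identity or None."""
    salt, expected = store.get(user, (b"\x00" * 16, b""))
    candidate = _derive(password, salt)  # also computed for unknown users
    if user in store and hmac.compare_digest(candidate, expected):
        return user
    return None

def authorize(acl: dict, identity, resource: str, action: str) -> bool:
    """Authorization: what may this authenticated identity do?"""
    if identity is None:  # no identity established, deny by default
        return False
    return action in acl.get(resource, {}).get(identity, set())

# Constructed sample data (hypothetical users and resource).
CREDENTIALS = {}
enroll(CREDENTIALS, "alice", "correct horse battery staple")
enroll(CREDENTIALS, "bob", "hunter2-but-longer")
ACL = {"payroll.db": {"alice": {"read", "write"}, "bob": {"read"}}}

def request(user: str, password: str, resource: str, action: str) -> str:
    identity = authenticate(CREDENTIALS, user, password)
    if identity is None:
        return "401 authentication failed"
    if not authorize(ACL, identity, resource, action):
        return "403 authenticated but not authorized"
    return "200 ok"

if __name__ == "__main__":
    print(request("alice", "correct horse battery staple", "payroll.db", "write"))
    print(request("bob", "hunter2-but-longer", "payroll.db", "write"))
    print(request("bob", "wrong-password", "payroll.db", "read"))
```
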

Note for: http://www.duke.edu/~rob/kerberos/
