Search
Joe Pruitt - A Software Architect's take on Network Security
You are here: DevCentral > Weblogs

The Networking ABC's - A is for Auth

posted on Monday, March 31, 2008 1:59 PM

abc

I was digging through some ideas for blog posts and with the popularity of the "101" series of tech tips we've done on DevCentral, I figured test the waters with some structure like that on my blog.  So, here's a go at the first of (at least) 26 posts on "The Networking ABCs".  Who knows, maybe someone will invent a new letter by the time I get to "Z". 

"A" is for Auth

Since the term "Auth" is used freely to mean one or both of the following terms, you'll get a bonus for this first entry!

SecureIDCard

Authentication

Pronounced: au-then-ti-ca-tion
Abbreviations: AuthN, 4v7#/\/

Authentication is the the process of verifying a user's identity, primarily when he/she is attempting to access some resources across a network.  This can be in the form of logging into a website or trying to open a file across a network share.  Users can authenticate in many ways such as supplying a username and password or presenting more hardened credentials such as a client side certificate or a token from a encryption device such as a SecurID card.

ghetto_chicks

Authorization

Pronounced: au-thor-i-za-tion
Abbreviations: AuthZ, 4v7#2

Authorization is the process of identifying the level of access that an authenticated users has been granted.  This is essentially a list of what an authenticated users is allowed to do.  An example of this would be whether a specific user is allowed to edit a document on a specific file share.  It's an added bonus if you are lucky enough to have knife-wielding ducklings to protect you from the occasionally invading kitty.

 



One Comment

Feedback
9/19/2008 10:41 AM
Gravatar Being a new blogger, I'm just catching up on my ABCs. =)

In the mainstream these two terms are often used interchangeably, or authentication is used to mean both verifying identity and making sure the user is allowed access to the requested resource. The latter is understandable, because for most people logging into something does both authentication and authorization in one step. You type in your username and password, and the system verifies that you are who you say you are because it assumes only you know your password and then checks an internal database to make sure you are allowed into this particular system. In the computer security field, however, they are very different things, and meshing them when talking seriously about the security of a system can lead to incomplete (and thus insecure) implementations of security policy.
Kris Plunkett

Let Me Know What You Think

Please use the form below if you have any comments, questions, or suggestions.

Title:
 
Name:
 
Email: (so we can show your gravatar)
Website:
Comment: Allowed tags: blockquote, a, strong, em, p, u, strike, super, sub, code
 
Please add 1 and 2 and type the answer here:

Links

  
Are you interested in:
Search DevCentral to get answers to your questions.

Blog Stats

Posts:379
Comments:1067
Stories:1
Trackbacks:301
  

Tags

  

Post Categories

  

Article Categories

  iRules
  

Archives

  

Image Galleries

  

BlogRoll

  

Joe's bookshelf: read

The Lost Gate
4 of 5 stars
The Lost Gate
by Orson Scott Card
This one started slow but I got really got into it about 1/3 of the way through. If you are an Ender's Game fan, you'll probably like this one as well.
The River of Doubt: Theodore Roosevelt's Darkest Journey
4 of 5 stars
The River of Doubt: Theodore Roosevelt's Darkest Journey
by Candice Millard
Gideon's Sword
3 of 5 stars
Gideon's Sword
by Douglas Preston
The Necromancer
4 of 5 stars
The Necromancer
by Michael Scott
The Sorceress
4 of 5 stars
The Sorceress
by Michael Scott

goodreads.com


82,243 Members in 102 Countries and Growing!

Join DevCentral Today!

About DevCentral

DevCentral has been a successful, thriving community for many years. We have always strived to bring you the best technical documentation, discussion forums, blogs, media and much more that we can.

So dive in, get familiar with DevCentral. We hope you like it, we hope it makes your job easier, and lets you get that much more power out of the community. To learn more, make sure to check out the Getting Started section. And if you have any problems, or think something could be easier to use, drop us a line to let us know.

Got It !

We've received your comment and transmitted it directly to DevCentral HQ.

Thanks for taking time to let us know what's on your mind. At DevCentral | Community Matters!

Get In Touch With Us

Have questions, suggestions or just want to get something off your chest?

Use our handy form below to Direct Connect with DevCentral Mission Control.

Send Us Feedback       or
Copyright 1996 - 2011 F5 Networks, Inc.

Powered by the DevCentral Crew  |  Privacy Statement   |  Terms Of Use  |  Code of Conduct

Page generated faster than you can blink!