We use these terms a lot and we also use phrases which mean things similar to these terms. I'd like to explicitly define them and I encourage all to use them as defined so as to be clear and concise. I think it will help.

* Authentication = based on the credentials you have shared (e.g. user name, password, SMS response, smart card, etc.), we know who you are
* Authorization = based on who you are, you are allowed to access specific resources and those resources only, i.e. we define what you can do

If you want to be extra-nerdy:

* Authentication can be abbreviated "authN"
* Authorization can be abbreviated "authZ"
* Authentication and Authorization together can be referenced as "authX"

I hope that's useful.

/marksv
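As an added illustration of the two definitions above (example code, not part of marksv's post), the following keeps authN ("who you are", from credentials) and authZ ("what you can do", from a per-resource policy) as two separate checks; the users, passwords, and policy are constructed for the demo:

```python
import hashlib
import hmac
import os
from typing import Optional


def _hash_pw(password: str, salt: bytes) -> bytes:
    """Derive a password hash; the salt makes identical passwords differ."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash_pw(password, salt)


# Constructed credential store: username -> (salt, password hash). authN data.
USERS = {"alice": _make_user("correct horse"), "bob": _make_user("battery staple")}

# Constructed policy: resource -> principals allowed to access it. authZ data.
POLICY = {"/reports": {"alice", "bob"}, "/admin": {"bob"}}

# Dummy record so unknown usernames cost the same hashing work as real ones.
_DUMMY_SALT, _DUMMY_HASH = _make_user("unused")


def authenticate(username: str, password: str) -> Optional[str]:
    """authN: return the verified principal name, or None if credentials fail."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matched = hmac.compare_digest(_hash_pw(password, salt), stored)
    return username if matched and username in USERS else None


def authorize(principal: Optional[str], resource: str) -> bool:
    """authZ: decide what an already-identified principal may do."""
    if principal is None:
        return False
    return principal in POLICY.get(resource, set())


def access(username: str, password: str, resource: str) -> str:
    """authX: run both checks in order and report which one failed, if any."""
    principal = authenticate(username, password)
    if principal is None:
        return "401 unauthenticated"
    if not authorize(principal, resource):
        return "403 forbidden"
    return "200 ok"
```

Note that alice passes authN but still fails authZ for "/admin": knowing who someone is says nothing about what they are allowed to do.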