We use these terms a lot and we also use phrases which mean things similar to these terms.  I’d like to explicitly define them and I encourage all to use them as defined so as to be clear and concise.  I think it will help.

 

·         Authentication = based on the credentials you have shared (e.g. user name, password, SMS response, smart card, etc.), we know who you are

·         Authorization = based on who you are, you are allowed to access specific resources and those resources only, i.e. we define what you can do

 

If you want to be extra-nerdy:

 

·         Authentication can be abbreviated “authN”

·         Authorization can be abbreviated “authZ”

·         Authentication and Authorization together can be referenced as “authX”

 

I hope that’s useful.

 

/marksv