Don't Get Locked Out: A Lighthearted Look at Identification, Authentication, and Authorization

Don't Get Locked Out: A Lighthearted Look at Identification, Authentication, and Authorization was initially published on Saturday January 14 2023 on the Tech Dev Blog. For the latest up-to-date content, fresh out of the oven, visit https://techdevblog.io and subscribe to our newsletter!

In software engineering, the concepts of identification, authentication, and authorization are crucial for ensuring the security of a system. These concepts are closely related, but each have their own distinct purpose and function. In this guide, we will explore these concepts in more detail and look at some real-world examples to help illustrate how they work together.

Identification

Identification is the process of determining who someone or something is. In the real world, we use identification all the time. For example, when we are asked to show our ID when entering a building. Or when we use our fingerprints to unlock our phone. In the context of software engineering, identification is often the first step in granting access to a system. This could be as simple as asking a user to enter their name or email address, or it could involve more complex methods, such as biometric identification using fingerprints or facial recognition.

For example, when you sign up for a new account on a website, the website asks you to provide your name, email address, and other personal information. This information is used to identify you as a unique user and create a new account for you.

Authentication

Authentication is the process of verifying that someone or something is who or what they claim to be. Once a user identified, authentication is used to confirm their identity. This is typically done by requiring the user to provide some form of credentials. Such as a password or a security token. Authentication can be as simple as checking a single password against a stored value. Or it can involve multiple factors, such as something the user knows (a password), has (a security token), or is (biometric data).

For example, when you log into your bank account online, you are asked to provide your username and password. The bank's system will then check the information you provided against the stored values. If they match, you will be granted access to your account.

Authorization

Authorization is the process of determining what someone or something is allowed to do. After a user has been identified and authenticated, authorization is used to determine which actions they are authorized to perform. This can include granting access to specific files or resources, or allowing the user to perform certain actions. Such as adding or deleting records.

For example, when you log into your bank account, you may be authorized to view your account balance. But not authorized to transfer funds above a certain amount to other accounts. Similarly, an administrator user may have the authorization to perform certain actions such as creating new users or managing the system's settings. While a regular user may not have that authorization.

Conclusion

Identification, Authentication, and Authorization are three fundamental software engineering concepts that work together to ensure the security of a system.

Identification establishes the identity of the user. Authentication confirms it. Authorization determines what the user is allowed to do with the system.

These concepts are important to understanding how to design and build secure software systems and protect user’s personal and sensitive data. Real-world examples such as online banking, access control, and user management on websites, illustrate the practical applications of these concepts in today's digital world.